In hdd_get_class_a_statistics_cb api, context is actually
cookie and it can be NULL if this is the first request. On
class A stats request, when hdd_get_class_a_statistics_cb is
invoked with context as NULL, the NULL check in callback
will not update the latest stats result and will return.
Change-Id: I8c33a0e82d9915a4b3d76e695ceab7ecd9301b89
CRs-Fixed: 2244767
User sends driver a list of roaming scan channels to set through IOCTL
SETROAMSCANCHANNELS. The parameters include the number of elements in
the array, followed by channel array and then a NULL character. But
when driver loops through the channel array it doesn't have a NULL
check. An erroneous number of elements passed by user may cause buffer
overread.
Add a NULL check on channels passed in IOCTL SETROAMSCANCHANNELS.
Change-Id: I7342aa5cf8e5267b7ed06a4e35b1ed882fb97893
CRs-Fixed: 2227039
Fix tTxrateinfoflags as per linux coding guidelines, this will later
help move the struct to qcacmn.
Change-Id: I1911d25594aaecc7c166cf36b79111b61e6de457
CRs-Fixed: 2244834
While processing vendor command QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_INFO,
respective handler wlan_hdd_cfg80211_get_wifi_info() is not allocating
memory for QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX in event buffer
and trying to populate radio_index with nla_put_u32(). Buffer-overflow
is avoided with buffer length check in nla api but error is returned.
Return of error for valid user input is incorrect.
To fix this, add size of radio index in event buffer size calculation.
Change-Id: I39973814ae9b10466b9d5e3492a42b745a7f2a5e
CRs-Fixed: 2230298
Flow control resize implementation as part of
Genoa enhancements to reduce total desc requirement
from 3600 to 2000.
Change-Id: Iee5d3ff08dcea13c11632cd29e6edba0dc3e979f
CRs-Fixed: 2223553
hdd_wlan_start_modules() currently takes an adapter parameter in order
to do management frame event deregistration. Instead, do management
frame event deregistration during adapter stop for symmetry with the
event registration. This allows us to remove the adapter parameter
completely from hdd_wlan_start_modules().
Change-Id: Ifb4619c80a129b8ef4e84c597dd98004d5cd713d
CRs-Fixed: 2240850
Address the following issues in the core/wma folder:
CHECK: 'accomodate' may be misspelled - perhaps 'accommodate'?
CHECK: 'acess' may be misspelled - perhaps 'access'?
CHECK: 'catagory' may be misspelled - perhaps 'category'?
CHECK: 'chnage' may be misspelled - perhaps 'change'?
CHECK: 'defintions' may be misspelled - perhaps 'definitions'?
CHECK: 'Intialize' may be misspelled - perhaps 'Initialize'?
CHECK: 'Intial' may be misspelled - perhaps 'Initial'?
CHECK: 'proces' may be misspelled - perhaps 'process'?
CHECK: 'progess' may be misspelled - perhaps 'progress'?
CHECK: 'refrence' may be misspelled - perhaps 'reference'?
CHECK: 'Relevent' may be misspelled - perhaps 'Relevant'?
CHECK: 'reponse' may be misspelled - perhaps 'response'?
Change-Id: Idc314b5a3a6945211581e2135cfaf9d0d5f69457
CRs-Fixed: 2241946
Address the following issues in the core/sme folder:
CHECK 'accomodates' may be misspelled - perhaps 'accommodates'?
(actually accommodated)
CHECK 'acknowledgement' may be misspelled - perhaps 'acknowledgment'?
CHECK 'becasue' may be misspelled - perhaps 'because'?
CHECK 'becuase' may be misspelled - perhaps 'because'?
CHECK 'catagory' may be misspelled - perhaps 'category'?
CHECK 'explictly' may be misspelled - perhaps 'explicitly'?
CHECK 'failue' may be misspelled - perhaps 'failure'?
CHECK 'fucntion' may be misspelled - perhaps 'function'?
CHECK 'infomation' may be misspelled - perhaps 'information'?
CHECK 'inteface' may be misspelled - perhaps 'interface'?
CHECK 'managment' may be misspelled - perhaps 'management'?
CHECK 'messsage' may be misspelled - perhaps 'message'?
CHECK 'Notifed' may be misspelled - perhaps 'Notified'?
As well as the following spotted during code review:
'sucsess' -> 'success'
Change-Id: Ieaa299d4dbc08c07f10aaf9d967336ac7b11d88d
CRs-Fixed: 2241947
From the IOCTL command WE_POLICY_MANAGER_PCL_CMD, we get the cds
concurrency mode as argument and pass it to cds_get_pcl to get
the pcl channel list. This concurrency mode parameter is used as
the array index to retrieve the enum cds_pcl_type. If this value
is greater than CDS_MAX_NUM_OF_MODE an OOB read will occur in
iw_hdd_set_var_ints_getnone.
Add check to validate the input cds mode argument against the macro
CDS_MAX_NUM_OF_MODE. Return error if it is violated.
Change-Id: Iaa79d9698e0074a31a9c3f2396bd06d436d1e349
CRs-Fixed: 2216048
Address the following issues in the core/sap folder:
CHECK: 'availabe' may be misspelled - perhaps 'available'?
CHECK: 'defult' may be misspelled - perhaps 'default'?
CHECK: 'fucntion' may be misspelled - perhaps 'function'?
CHECK: 'Funtion' may be misspelled - perhaps 'Function'?
CHECK: 'intial' may be misspelled - perhaps 'initial'?
Change-Id: Id1e696f70d4d3c5ff650a353eb8402216909bc2c
CRs-Fixed: 2241944
When trying to add multiple softap interfaces, sanity checks in
wlan_hdd_allow_sap_add() are trying to access dev in adapter without
NULL check which can lead to NULL pointer exception.
To fix this, add NULL check for dev before access of its attributes.
Change-Id: I57577da1b60443a42e273f87e9f4feac123bc686
CRs-Fixed: 2232394
Fix overwrite when handling RSN element and WAPI AKM suite
list in wlan_hdd_cfg80211_set_ie.
Change-Id: I63528da4c2dfafa22f2c6fc73afe52727af02b64
CRs-Fixed: 2228031
Change "qcacld-3.0: Add support to send A-MSDU aggregation type
to firmware" combines the AMSDU/AMPDU configuration path in WMA
layer, which is causing some ampdu parameters to be overwritten by
value of amsdu.
Avoid GEN_VDEV_PARAM_AMSDU handler to touch ampdu parameters.
CRs-Fixed: 2243571
Change-Id: I52119f2bbcb306f5fad704e912c4cbb179c6a369
Fix the HE mcs rates when the ack policy is set to no ack to
reduce the tx failures.
Change-Id: Iff923bcb6094d1a75ba1e14ff19897f9ca8c2e0a
CRs-Fixed: 2236565
Presently, while processing SET_PASSPOINT_LIST vendor command
HDD is not making sure realm string passed by upper-layer is NULL
terminated, this may lead to buffer overflow as strlen is used
to get realm string length to construct PASSPOINT WMA command.
Make sure realm is NULL terminated before passing the same to
down layers.
Change-Id: I417f2b89dc219664afe5deac00dc361cac4048d6
CRs-Fixed: 2180699
Currently in functions to show IPA resource info and IPA stats
there are information related to IPA resources memory address.
This may lead to potential information leak to the location
of IPA resources. Remove the addresses information from the
logs in res info and stats function.
Change-Id: I75d756211c8aaaea300fb207e40a08f5b1ca81e3
CRs-Fixed: 2225361
DISA encrypt/decrypt test is not supported by FW when power save is
enabled. Add check to reject DISA encrypt/decrypt vendor test command
if power save is enabled.
Change-Id: Ia83036f957a3298288d312f836d40284344ce8e8
CRs-Fixed: 2240880
If concurrent sap exists, which means dfs_init_radar_filters has
been called before, there is no need to call it again.
Change-Id: Ibf1805b0dbd27fbdf36c37450bdb95626195fb81
CRs-Fixed: 2241282
The obss active dwell time does not match with OBSS IE in association
response, it is a mistake to assign passive dwell time of OBSS IE to
active dwell time, and the passive dwell time value is from ini, not
updated to OBSS IE value.
Assign OBSS IE passive dwell time to passive dwell time parameter.
Change-Id: I5e7945353d00f0411ef3d92534c3f170dec440a5
CRs-Fixed: 2239670
LDPC dynamic configuration setting is not updated into session
configuration, hence LDPC disable does not happen when the user disables
it. Update the session configuration parameters for LDPC with
user settings.
Change-Id: Ic0b5f2b17cde5746054f90d78d6c99624444d086
CRs-Fixed: 2235936
mpdu_bytes_array_len, mpdu_msdus_array_len, and msdu_bytes_array_len
are used to calculate the record size, as well as used as
buffer offset, without any verification. This can cause multiple
overflows and underflow leading to OOB reads.
Add checks for each arithmetic operation with these variables.
Change-Id: Ib6ec6ac6932eb8c541bc2357d45d3feaf39fdb7d
CRs-Fixed: 2226125
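
The failure mode behind the record-size change above, as an added example that is not code from the driver: a record size computed from the three length fields in 32-bit arithmetic, first unchecked and then with a check on every multiply and add. The 16-byte header, the element sizes (2, 1 and 2 bytes) and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define REC_HDR_SIZE 16u /* assumed fixed header size, not the driver's */

/* Unchecked: the 32-bit multiplies and adds wrap silently on large lengths. */
uint32_t record_size_unchecked(uint32_t mpdu_bytes_array_len,
                               uint32_t mpdu_msdus_array_len,
                               uint32_t msdu_bytes_array_len)
{
    return REC_HDR_SIZE + mpdu_bytes_array_len * 2u +
           mpdu_msdus_array_len * 1u + msdu_bytes_array_len * 2u;
}

/* *acc += count * elem, returning -1 instead of wrapping past UINT32_MAX. */
static int add_array(uint32_t *acc, uint32_t count, uint32_t elem)
{
    if (count > (UINT32_MAX - *acc) / elem)
        return -1;
    *acc += count * elem;
    return 0;
}

/* Checked: returns the record size, or 0 when the arithmetic would
 * overflow or the record does not fit in the bytes left in the buffer. */
uint32_t record_size_checked(uint32_t mpdu_bytes_array_len,
                             uint32_t mpdu_msdus_array_len,
                             uint32_t msdu_bytes_array_len,
                             uint32_t remaining)
{
    uint32_t size = REC_HDR_SIZE;

    if (add_array(&size, mpdu_bytes_array_len, 2u) ||
        add_array(&size, mpdu_msdus_array_len, 1u) ||
        add_array(&size, msdu_bytes_array_len, 2u))
        return 0;
    /* Compare before subtracting so "remaining - size" cannot underflow. */
    return size <= remaining ? size : 0;
}

int main(void)
{
    /* Constructed input: 0x80000000 * 2 wraps to 0, so the size looks small. */
    printf("unchecked: %u\n", (unsigned)record_size_unchecked(0x80000000u, 4, 0));
    printf("checked:   %u\n", (unsigned)record_size_checked(0x80000000u, 4, 0, 64));
    return 0;
}
```
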
The driver verifies the replay_attack in protected
management frames in the API wma_is_ccmp_pn_replay_attack.
The API expects a CCMP header pointer, but it may happen that
the size of the total frame is less than the size of ieee frame
+ the CCMP header length. In that case the CCMP pointer will
point to some memory location not allocated to the frame, which
will result in out of bound access.
Fix is to add a length check to memory allocated to wbuf in
wma_process_rmf_frame.
Change-Id: I351fa671cb8728843c8843c27dd91bcb201abb42
CRs-Fixed: 2230976
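
The length check described in the change above, as an added example that is not the driver's code: the CCMP header pointer is derived only after the frame is known to hold a 24-byte 802.11 management header plus the 8-byte CCMP header, and only then is the packet number read for the replay comparison. All names and the sample frame are constructed for illustration; MIC verification is out of scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IEEE80211_HDR_LEN 24u /* 3-address 802.11 management header */
#define CCMP_HDR_LEN       8u /* PN0 PN1 Rsvd KeyID PN2 PN3 PN4 PN5 */

enum rmf_result { RMF_OK = 0, RMF_TOO_SHORT = -1, RMF_REPLAY = -2 };

/* Assemble the 48-bit packet number from a CCMP header. */
static uint64_t ccmp_pn(const uint8_t *h)
{
    return (uint64_t)h[0] | (uint64_t)h[1] << 8 | (uint64_t)h[4] << 16 |
           (uint64_t)h[5] << 24 | (uint64_t)h[6] << 32 | (uint64_t)h[7] << 40;
}

/* Hypothetical handler: reject short frames before touching the CCMP
 * header, then require a PN strictly greater than the last accepted one. */
enum rmf_result check_rmf_frame(const uint8_t *frame, size_t len,
                                uint64_t *last_pn)
{
    uint64_t pn;

    if (frame == NULL || len < IEEE80211_HDR_LEN + CCMP_HDR_LEN)
        return RMF_TOO_SHORT;
    pn = ccmp_pn(frame + IEEE80211_HDR_LEN);
    if (pn <= *last_pn)
        return RMF_REPLAY;
    *last_pn = pn;
    return RMF_OK;
}

/* Constructed sample: zeroed header, PN = 5, ExtIV bit set in the KeyID octet. */
static const uint8_t sample_frame[32] = { [24] = 0x05, [27] = 0x20 };

/* Run the check on the first `len` bytes of the sample frame. */
enum rmf_result run_sample(size_t len, uint64_t last_pn)
{
    return check_rmf_frame(sample_frame, len, &last_pn);
}

int main(void)
{
    printf("full frame, last PN 4: %d\n", run_sample(32, 4));
    printf("full frame, last PN 5: %d\n", run_sample(32, 5));
    printf("truncated to 31 bytes: %d\n", run_sample(31, 0));
    return 0;
}
```
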
This commit fixes the VTS test failures when running the following
deprecated commands in SupplicantStaIfaceHidlTest
RXFILTER-START
RXFILTER-STOP
BTCOEXSCAN-START
BTCOEXSCAN-STOP
Change-Id: I45fa09c24700e6872de7709c6875dbdbd8aa10cc
CRs-Fixed: 2226343
In the earlier generation of product or qcacld-3.0 code,
the wow related logs which help debug which is the packet
waking up the APPS used to appear in kmsg and hence part of
the bugreport.
Now in the recent code base, this log is moved to LOGD
which appears in cnss_diag, with this change the ask is
to revive the same logs to appear in kmsg instead of
cnss_diag logs.
Hence move these from Debug to Info. INFO logs appear in kmsg.
Change-Id: Iefcd362209f3f2276d0c2ac53359e0f325122f95
CRs-Fixed: 2225547
Framework shall trigger disconnect for many reasons,
one of them is NUD failure. The motive to print tx queue
state whenever disconnect is triggered from the userspace
is to see the state of the tx queue at the time of disconnect.
Change-Id: I73f6359f6823de4781ed94b1d4f19c4a0a198879
CRs-Fixed: 2225547
Address the following issue in the core/pld folder:
CHECK: 'bandwith' may be misspelled - perhaps 'bandwidth'?
Change-Id: Ic397c156ff7ba32cec590083098474af16569ea7
CRs-Fixed: 2241943
Address the following issues in the core/mac folder:
CHECK: 'absense' may be misspelled - perhaps 'absence'?
CHECK: 'accquired' may be misspelled - perhaps 'acquired'?
CHECK: 'acknowledgement' may be misspelled - perhaps 'acknowledgment'?
CHECK: 'arbitary' may be misspelled - perhaps 'arbitrary'?
CHECK: 'automaticly' may be misspelled - perhaps 'automatically'?
CHECK: 'calulate' may be misspelled - perhaps 'calculate'?
CHECK: 'couter' may be misspelled - perhaps 'counter'?
CHECK: 'defferred' may be misspelled - perhaps 'deferred'?
CHECK: 'Defintions' may be misspelled - perhaps 'Definitions'?
CHECK: 'dependant' may be misspelled - perhaps 'dependent'?
CHECK: 'dosen' may be misspelled - perhaps 'doesn'?
CHECK: 'endianess' may be misspelled - perhaps 'endianness'?
CHECK: 'explicitely' may be misspelled - perhaps 'explicitly'?
CHECK: 'fimware' may be misspelled - perhaps 'firmware'?
CHECK: 'fucntion' may be misspelled - perhaps 'function'?
CHECK: 'Funtion' may be misspelled - perhaps 'Function'?
CHECK: 'immediatly' may be misspelled - perhaps 'immediately'?
CHECK: 'implemetation' may be misspelled - perhaps 'implementation'?
CHECK: 'Intialize' may be misspelled - perhaps 'Initialize'?
CHECK: 'lengh' may be misspelled - perhaps 'length'?
CHECK: 'managment' may be misspelled - perhaps 'management'?
CHECK: 'Managment' may be misspelled - perhaps 'Management'?
CHECK: 'messsages' may be misspelled - perhaps 'messages'?
CHECK: 'Notifed' may be misspelled - perhaps 'Notified'?
CHECK: 'parametes' may be misspelled - perhaps 'parameters'?
CHECK: 'Paramters' may be misspelled - perhaps 'Parameters'?
CHECK: 'processsing' may be misspelled - perhaps 'processing'?
CHECK: 'receving' may be misspelled - perhaps 'receiving'?
CHECK: 'Recieved' may be misspelled - perhaps 'Received'?
CHECK: 'reponse' may be misspelled - perhaps 'response'?
CHECK: 'reseting' may be misspelled - perhaps 'resetting'?
Change-Id: Id58b5bf38fe88007c88cbda62a1fc43c0f1b3a37
CRs-Fixed: 2241942
Address the following issues in the core/dp folder:
CHECK: 'accomodate' may be misspelled - perhaps 'accommodate'?
CHECK: 'acess' may be misspelled - perhaps 'access'?
CHECK: 'bahavior' may be misspelled - perhaps 'behavior'?
CHECK: 'catagory' may be misspelled - perhaps 'category'?
CHECK: 'continous' may be misspelled - perhaps 'continuous'?
CHECK: 'controler' may be misspelled - perhaps 'controller'?
CHECK: 'curently' may be misspelled - perhaps 'currently'?
CHECK: 'defintion' may be misspelled - perhaps 'definition'?
CHECK: 'Defintions' may be misspelled - perhaps 'Definitions'?
CHECK: 'desriptor' may be misspelled - perhaps 'descriptor'?
CHECK: 'extention' may be misspelled - perhaps 'extension'?
CHECK: 'informations' may be misspelled - perhaps 'information'?
CHECK: 'lenght' may be misspelled - perhaps 'length'?
CHECK: 'managment' may be misspelled - perhaps 'management'?
CHECK: 'messsage' may be misspelled - perhaps 'message'?
CHECK: 'neccessary' may be misspelled - perhaps 'necessary'?
CHECK: 'recieved' may be misspelled - perhaps 'received'?
CHECK: 'Recieve' may be misspelled - perhaps 'Receive'?
Change-Id: Ib8c1b94b5bb3bb5798e41dbb4c1461be80fd1398
CRs-Fixed: 2241941
Address the following issues in the core/cds folder:
CHECK: 'couter' may be misspelled - perhaps 'counter'?
CHECK: 'defintions' may be misspelled - perhaps 'definitions'?
CHECK: 'endianess' may be misspelled - perhaps 'endianness'?
CHECK: 'extention' may be misspelled - perhaps 'extension'?
CHECK: 'independant' may be misspelled - perhaps 'independent'?
CHECK: 'initilize' may be misspelled - perhaps 'initialize'?
CHECK: 'minumum' may be misspelled - perhaps 'minimum'?
CHECK: 'recieve' may be misspelled - perhaps 'receive'?
Change-Id: I8586ee1aa0a2ab59faa064ff534148511e662615
CRs-Fixed: 2241940
Address the following issues in the core/bmi folder:
CHECK: 'Defintions' may be misspelled - perhaps 'Definitions'?
CHECK: 'initilization' may be misspelled - perhaps 'initialization'?
Change-Id: I649b42e30e10e51c2c734d909a8c9ab2811b9421
CRs-Fixed: 2241939