The error handling in cds_open(), in the event that the call to
dispatcher_psoc_open() fails, is currently empty. Add appropriate error
handing for this case by referencing cds_open() and cds_close().
Change-Id: I2b0d328e365efd67099bb8e6b529720c7b1904c5
CRs-Fixed: 2303785
Add new iwpriv command to set BA aging timeout value to hardware.
e.g. "iwpriv wlan0 set_ba_timeout <ac> <duration>" which should set
given duration in msecs for given access class.
"iwpriv wlan0 get_ba_timeout" which should get duration
value for each access class and display.
CRs-Fixed: 2254891
Change-Id: I79f79191c47376e414dceeb73b736a0a9610e3ae
The error handling in cds_open(), in the event that the call to
mac_open() fails, is currently stubbed out. Add appropriate error
handling for this case by referencing cds_open() and cds_close().
Change-Id: I6103050d5f2323250c9254a5a3add01fd0d34de3
CRs-Fixed: 2302968
psoc ref count and mac_context memory is leaked in failure cases
of mac_open API.
Fix the psoc ref count and memory leaks in failure cases.
Change-Id: I39eaa7bef5e5c50b9b1a8833bec5e6da8cdf0d72
CRs-Fixed: 2302187
BSS description is dereferencing in hdd_association_completion_handler
without checking for NULL, which may cause NULL pointer dereference.
To address this, add check for BSS description before dereferencing.
Change-Id: I24f728fb6d66b4c07dfe39f3ac426f3d2153b917
CRs-Fixed: 2299797
SAP(Go) concurrency check is mainly used for two purposes:
1) When new GO/SAP session is coming up and needs to check if
this session's channel can co-exist with existing GO/SAP
sessions. For example, in case of single radio platform, MCC for
SAP/GO+SAP/GO is not supported, in such case this API should
prevent bringing the second connection.
2)There is already existing SAP+GO combination but due to upper
layer notifying LTE-COEX event or sending command to move one of
the connections to different channel. In such cases before moving
existing connection to new channel, check if new channel can
co-exist with the other existing connection. For example, one
SAP1 is on channel-6 and second SAP2 is on channel-36 and lets
say they are doing DBS, and lets say upper layer sends LTE-COEX
to move SAP1 from channel-6 to channel-149. In this case, SAP1
and SAP2 will end up doing MCC which may not be desirable result.
Add vdev_id check while checking for 2nd case. If connection with
given vdev_id exist then it is confirmed that it's a case of
channel switch rather than a new connection case.
Change-Id: I2535b38af353be2abd9c2ff636c06f3c5869969d
CRs-Fixed: 2300451
There are two lim_set_protected_bit() implementation with/without
WLAN_FEATURE_11W defined.
So no need to wrap this function with macro WLAN_FEATURE_11W.
Change-Id: I719f623d17ed0db655d33bda04b51937f1c1c5f4
CRs-Fixed: 2298804
The bus bandwidth compute timer is a periodic timer which computes bus
bandwidth usage of associated adapters over a period of time. When the
last adapter disassociates, this timer is stopped. However, the timer
starts a work that is not stopped or flushed at this time. When the
device is under load from external subsystems, this work can get pushed
out past what is safe. When the bus bandwidth timer is stopped, also
stop and flush the bus bandwidth work to ensure safe memory access.
Change-Id: I32c15b42c9756341d1ecf534c05f87738fd24edb
CRs-Fixed: 2300697
Presently, recovery inprogress flag is set only when PLD_RECOVERY
is received but in cases of rejuvenate only PLD_FW_DOWN is received.
Set for the recovery in progress for all the firmware down events
so the unneccessary bug_on's will be avoided.
Change-Id: I654e9e5b02925ac21857369f87af6ca40d8dc815
CRs-Fixed: 2285278
Currently, driver calls hdd_alloc_station_adapter to initialize the
completion variables for a particular adapter only if mode of interface
is STA or P2P. In case when driver changes its STA + SAP mode to
STA + STA mode by calling hdd_open_concurrent_interface, driver is not
able to initialize init_completion variable for new STA interface. So
while processing fw commands (for new STA interface) which uses
completion variables, driver leads to the use of uninitialized
variables issue.
Create new function cmn_init_completion to initialize completion
variables for all interfaces while opening the HDD adapter.
Change-Id: Iae8ec1a86dd4084c9f5b39ec0d90e16182212df9
CRs-Fixed: 2288919
There is race condition for a small window. The scenario
as below.
1 SAP is starting, and dfs cac begins but without finished.
2 SSR happens, wlan begins to call hdd_reset_all_adapters.
In hdd_reset_all_adapters, sap_ctx->sessionId is reset to invalid.
3 In hdd_hostapd_sap_event_cb, adapter sessionId is set to
sap_ctx->sessionId, after this step, adapter sessionId is changed
from valid sessionId to 0xff.
In hdd_reset_all_adapters->hdd_vdev_destroy, vdev is released
but session can't be clean up as invalid sessionId. adapter->event_flags
can't be clear which cause hdd_vdev_destroy can be called multi times.
Change as below.
1 cancel cac timer at the beginning of hdd_reset_all_adapters and
before wlansap_set_invalid_session.
2 before send eSAP_START_BSS_EVENT, check if sap_ctx->sessionId
is valid.
Change-Id: Ifaad62cd008f7769b059f36530455d4e734522e4
CRs-Fixed: 2293072
Under get_supported_features vendor command driver is advertising
NAN capability by checking only the Firmware support. If NAN is
disabled through INI it should not advertize this support.
Add an INI parameter check before advertizing NAN capability.
Change-Id: Ib48044a04500d6619b97d5ca1c3431ee64d7e096
CRs-Fixed: 2288204
In function hdd_wlan_de_init, the hdd_context is fetched via
cds_get_context. This context is then NULL checked. In the failure case
of this check, the hdd_context is still dereferenced which shall lead to
null pointer dereference.
Add proper jump statement to take care of the proper order of init and
deinit
Change-Id: Ied0ac42371315d0286cdcc71e6e0e10ed2ff5fa1
CRs-Fixed: 2299794
While handling IPA event in case if, __wlan_ipa_wlan_evt() queue
WLAN_AP_DISCONNECT cmd for later processing in work-queue context and
in the meanwhile sme close session deletes vdev then, as part of work
queue context driver process WLAN_AP_DISCONNECT and sends
WMA_IPA_OFFLOAD_ENABLE_DISABLE cmd to firmware for the VDEV which is
already deleted by sme_close_session. This result asserts in firmware.
This reverts commit Ief9318bb476b480fd52f4155a0788a34c1e2ed53
Change-Id: I6128fb489fc40cc7ed01cbdf9c419a6a6b20c6d4
CRs-Fixed: 2295672
As part of any change interface TDLS links are toredown and tdls
state set to disabled in FW. The assumption here is before adding
new interface disable TDLS mode as TDLS is not supported in
concurrency. Due to recent changes in framework,
Driver may receive the change interface to P2P Device mode
after STA connection then teardown is not expected as
STA + P2P Device modes does not comes under concurrent operation.
Check for current and new interface types before disabling TDLS.
Change-Id: I26cfab077b3f83c64687479fba5c7a7c01491a52
CRs-Fixed: 2301650
WPA2 Security Improvements test plan case 4.2.2
Scenario F: RSN version Field is truncated to 1
octet. That means the test bed will send assoc
request with RSN ie total size 3.
Current driver unpack_core will return
DOT11F_INCOMPLETE_IE and doesn't extract the
incomplete RSN ie data.
lim_check_wpa_rsn_ie will have no chance to
run dot11f_unpack_ie_rsn to reject the assoc
request frame because the assoc_req->rsnPresent
is 0.
Change RSN Opaque Min Len to 2 (data min len 0),
so that the unpack_core can extract the RSN ie
even though it is "INCOMPLETE", and then
the later lim_check_wpa_rsn_ie can reject such
assoc request.
Change-Id: Icba37840ea6eb1cc1c2c225efd9ec58757606eea
CRs-Fixed: 2297852
If STA interface is added after softap is started on DFS channel,
then SAP is stopped and re-started on non-dfs channel which is selected
using driver internal acs. But, internal acs is now obsolete. Therefore,
select non-dfs channel from preffered channel list and use SAP CSA
instead of restart.
Change-Id: I95e50c3ffbce35cf30cc9a06f0f14c9e60eb3e3f
CRs-Fixed: 2301895
Add support for DP RX Threads as a part of the FR. Multiple RX threads
can be enabled from the ini. The code is added in a new DP module
outside of the cmn project.
Change-Id: Ief6ee955f13c5e527986307371b8e45677cb9700
CRs-Fixed: 2256446
When AP_DISCONNECT event occurs during IPA resource unloading
in progress, unload time out can happen due to IPA driver taking
time in suspending pipes or delay in FW HTT responses. In such
case events are added to pending queue. Pending queue events are
executed in worker thread context when resource unload is complete.
There is possibility of delay in scheduling of worker thread. When
worker thread is scheduled after HOST sends VDEV DELETE to FW and
processing of AP_DISCONNECT pening event will leads to FW assert.
Reason is as part of AP_DISCONNECT host sends IPA OFFLOAD disable
to FW on deleted vdev id. So send IPA RX offload disable command to
FW when AP_DISCONNECT is added to pending queue.
Change-Id: Ib24deb7654496ec60a3e56b8a9d1e1bd2d8c2db5
CRs-Fixed: 2295105
If SAP configured with RSN security IE, peer should
include compatible RSN parameters.
Reject the Assoc request if peer include invalid RSN
IE.
Change-Id: I10083d7feb669fe5d1c2650ae3c3092e5b28169e
CRs-Fixed: 2294876
The MAC context first_scan_done flag is a remnant from a prior version
of the driver which is initialized but then never read or written.
Since it is obsolete, remove it.
Change-Id: I81b371cb768bd2d042d3f3bf0991d2b27b953b3c
CRs-Fixed: 2298274
Currently the driver doesn't have a check to bring
up a SAP on STA SCC channel if its a SRD channel
and does force SCC on it, even if SRD master mode
is not supported.
Fix is to check the SRD ini before SAP bringup
on the STA channel
Change-Id: I17f7df9ed973ecc6669f0d36a8c390c71624019b
CRs-Fixed: 2302737
In target_if_action_oui_send_req(), there is no NULL check against
return value of GET_WMI_HDL_FROM_PSOC() which can result in NULL
pointer exception. Therefore, add NULL check.
Change-Id: Ibbc4fdf03563496b9d5dac63141921dd8bdea4fa
CRs-Fixed: 2299793
During the vdev attach if the self peer creation fails from the protocol
stack the correct vdev delete is sent to the firmware but the success error
is propogated back to the HDD and the wmi vdev set commands are sent
to the firmware with invalid vdev id.
Change-Id: Ida3964e5a629f53e41ffc50b53216762727fd33d
CRs-Fixed: 2299941
As part of Iab0862eda2392bd516c8ba0b913441b8e0d4c493 , timestamp of
last received frames was introduced to block excessive mgmt frames
being sent as part of Denial of service.
Move that logic to control path to remove dependency on data-path.
CRs-Fixed: 2280235
Change-Id: Idd7617782e71ee187eef7fcb3523c05b49f82094
Disable this feature for MOBILE_ROUTER product, since some MOBILE_ROUTER
platform will attach two wlan cards with separate wlan driver,
during second driver loading process, it will report a warning of
"cannot create duplicate filename" as node with same name has been
created after first driver was loaded.
Change-Id: I9e06439b3a6dacdf4eb5ae87898338ab1eeb8b16
CRs-Fixed: 2295391
