DISA header files include lots of unused public header files, and cause
a compilation issue when the PMO feature flag is disabled.
Change-Id: I287f845a3e9f923d042463c34abaedadb905d3b2
CRs-Fixed: 2243947
This board information is stored in the board file during the
calibration process. WMI service ready event will now carry it for host.
Append this board version information to the firmware version string.
Change-Id: Ieb5bc480bd0c2e387fcf6990dd192741f0b7cd6b
CRs-fixed: 2218963
To keep non-wext function out of wext.[c|h], rearrange it to main.[c|h]
And in order to make the interface more generic, change the interface
to take the buffer and length directly.
Change-Id: I1f64cc235b9dee6c574f871b020b0b61c8b427c8
CRs-fixed: 2228717
Remove force SAP ACS support from driver as it is no longer needed
after hostapd based ACS is enabled permanently from framework.
Change-Id: Ib3b8bac0dcf45562596d89d0aa49e16a03f85499
CRs-Fixed: 2234858
In the current code of the __hdd_hard_start_xmit function, there is a
possibility of one variable being uninitialized. Improve the code by
initializing the variable.
Change-Id: Ia2dbed83b35801087b93bbb336d13df95a78a8aa
CRs-Fixed: 2029588
Check user configuration for HE Tx beamformee and beamformer
while updating the caps into global or session configuration.
Change-Id: Ie355a6f208499dd389117c02b8510094c8fd08fd
CRs-Fixed: 2241779
In the hdd_get_class_a_statistics_cb api, context is actually a
cookie and it can be NULL if this is the first request. On a
class A stats request, when hdd_get_class_a_statistics_cb is
invoked with context as NULL, the NULL check in the callback
will not update the latest stats result and will return.
Change-Id: I8c33a0e82d9915a4b3d76e695ceab7ecd9301b89
CRs-Fixed: 2244767
User sends driver a list of roaming scan channels to set through IOCTL
SETROAMSCANCHANNELS. The parameters include the number of elements in
the array, followed by channel array and then a NULL character. But
when driver loops through the channel array it doesn't have a NULL
check. An erroneous number of elements passed by user may cause buffer
overread.
Add a NULL check on channels passed in IOCTL SETROAMSCANCHANNELS.
Change-Id: I7342aa5cf8e5267b7ed06a4e35b1ed882fb97893
CRs-Fixed: 2227039
Fix tTxrateinfoflags as per Linux coding guidelines. This will later
help move the struct to qcacmn.
Change-Id: I1911d25594aaecc7c166cf36b79111b61e6de457
CRs-Fixed: 2244834
While processing vendor command QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_INFO,
respective handler wlan_hdd_cfg80211_get_wifi_info() is not allocating
memory for QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX in event buffer
and trying to populate radio_index with nla_put_u32(). Buffer-overflow
is avoided with buffer length check in nla api but error is returned.
Return of error for valid user input is incorrect.
To fix this, add size of radio index in event buffer size calculation.
Change-Id: I39973814ae9b10466b9d5e3492a42b745a7f2a5e
CRs-Fixed: 2230298
hdd_wlan_start_modules() currently takes an adapter parameter in order
to do management frame event deregistration. Instead, do management
frame event deregistration during adapter stop for symmetry with the
event registration. This allows us to remove the adapter parameter
completely from hdd_wlan_start_modules().
Change-Id: Ifb4619c80a129b8ef4e84c597dd98004d5cd713d
CRs-Fixed: 2240850
From the IOCTL command WE_POLICY_MANAGER_PCL_CMD, we get the cds
concurrency mode as argument and pass it to cds_get_pcl to get
the pcl channel list. This concurrency mode parameter is used as
the array index to retrieve the enum cds_pcl_type. If this value
is greater than CDS_MAX_NUM_OF_MODE an OOB read will occur in
iw_hdd_set_var_ints_getnone.
Add check to validate the input cds mode argument against the macro
CDS_MAX_NUM_OF_MODE. Return error if it is violated.
Change-Id: Iaa79d9698e0074a31a9c3f2396bd06d436d1e349
CRs-Fixed: 2216048
When trying to add multiple softap interfaces, sanity checks in
wlan_hdd_allow_sap_add() are trying to access dev in adapter without
NULL check which can lead to NULL pointer exception.
To fix this, add NULL check for dev before access of its attributes.
Change-Id: I57577da1b60443a42e273f87e9f4feac123bc686
CRs-Fixed: 2232394
Fix overwrite when handling RSN element and WAPI AKM suite
list in wlan_hdd_cfg80211_set_ie.
Change-Id: I63528da4c2dfafa22f2c6fc73afe52727af02b64
CRs-Fixed: 2228031
Fix the HE mcs rates when the ack policy is set to no ack to
reduce the tx failures.
Change-Id: Iff923bcb6094d1a75ba1e14ff19897f9ca8c2e0a
CRs-Fixed: 2236565
Presently, while processing SET_PASSPOINT_LIST vendor command
HDD is not making sure realm string passed by upper-layer is NULL
terminated, this may lead to buffer overflow as strlen is used
to get realm string length to construct PASSPOINT WMA command.
Make sure realm is NULL terminated before passing the same to
down layers.
Change-Id: I417f2b89dc219664afe5deac00dc361cac4048d6
CRs-Fixed: 2180699
DISA encrypt/decrypt test is not supported by FW when power save is
enabled. Add check to reject DISA encrypt/decrypt vendor test command
if power save is enabled.
Change-Id: Ia83036f957a3298288d312f836d40284344ce8e8
CRs-Fixed: 2240880
LDPC dynamic configuration setting is not updated into session
configuration, hence LDPC disable does not happen when the user disables
it. Update the session configuration parameters for LDPC with
user settings.
Change-Id: Ic0b5f2b17cde5746054f90d78d6c99624444d086
CRs-Fixed: 2235936
This commit fixes the VTS test failures when running the following
deprecated commands in SupplicantStaIfaceHidlTest:
RXFILTER-START
RXFILTER-STOP
BTCOEXSCAN-START
BTCOEXSCAN-STOP
Change-Id: I45fa09c24700e6872de7709c6875dbdbd8aa10cc
CRs-Fixed: 2226343
Framework shall trigger disconnect for many reasons,
one of them is NUD failure. The motive to print tx queue
state whenever disconnect is triggered from the userspace
is to see the state of the tx queue at the time of disconnect.
Change-Id: I73f6359f6823de4781ed94b1d4f19c4a0a198879
CRs-Fixed: 2225547
Add support to set antenna mode for SAP using iwpriv commands
set_txchainmask and set_txchainmask.
Change-Id: Id74d8caf6b2d48b0afbcc3791bd347d6addd2e7d
CRs-Fixed: 2239648
Inside hdd_ndi_create_req_handler(), we need to check if
the operating channel is valid. The current checks do
not ensure the operating channel is checked against all
valid values.
Correct the check condition to validate the operating
channel against all valid values.
Change-Id: I01c035b996ab26779ee005bef437393875fdd95a
CRs-Fixed: 2233118
Here the case is designed to fall through to the next case. So,
add a /* fallthrough */ comment where the break is expected.
Change-Id: Ide5b530c9b817a269fcee4ece679476930797ae7
CRs-Fixed: 2233186
If disconnect command is in SME pending queue, when connect command
is received, the disconnect command is flushed and as SME is
already in connected state the new connect command is handled as
reassoc req and as no preauth was done with this new AP, SME does not
call proper HDD callback to indicate connect failure. Thus HDD remains
stuck in connecting state leading to scans rejection.
To fix this do not flush disconnect command from SME on receiving
connect cmd and thus clean up the SME before connect is processed.
Change-Id: Icefe8866a24b332688c64d8e69a11642fd7215d9
CRs-Fixed: 2238873
While processing IOCTL - CCXBEACONREQ, when number of
beacon request IEs is zero, respective handler drv_cmd_ccx_beacon_req()
is trying to log measurement token from un-initialized struct variable
ese beacon request, which results in kernel info disclosure.
To fix this, initialize stack variable ese beacon request and return
error in disconnected state when number of beacon request IEs is zero.
Change-Id: I4b0a8c673f9ca92e8699a157b24a100bb0cffa83
CRs-Fixed: 2225338
The driver fills the mcs set array in
hdd_update_tgt_ht_cap for all rf chains
and does not have an upper boundary check on
cfg->num_rf_chains, which could lead
to an out-of-bounds write of a valid value
to memory which is not allocated to the mcs set.
The fix is to have a check on cfg->num_rf_chains.
Change-Id: Ibeb5e783e2369ebee1bbf3fc724d06736c174c69
CRs-Fixed: 2221902
The default value of /sys/class/net/xx/queues/rx-x/rps_cpus is 0.
It means that the RX thread and soft IRQ will run on the same core.
In 8996AU, the t-put will be impacted by the default value 0 both
in LTE and WLAN interface. Add support to set WLAN RPS CPU mask when
there is high t-put requirement of WLAN to improve the performance.
Change-Id: I10127a763b768a29b25041070f3ea7b3f6769289
CRs-Fixed: 2195721
While processing set pno IOCTL, input argument 'extra' is printed
without making sure it's NULL terminated.
Log input string 'extra' after making sure it's NULL terminated.
Change-Id: I4158103a85c0828dad240cf00b34da94e6a8cc62
CRs-Fixed: 2228601
Currently wlan_hdd_reassoc_bssid_hint returns true if prev_bssid is
present in the connect request even if the hdd_reassoc fails leading
to connection not happening if the supplicant sends a prev_bssid
and bssid_hint in the connect request and if the current state is
not connected.
Fix return status in __wlan_hdd_cfg80211_connect to return 0 only
if hdd_reassoc succeeds, else proceed with disconnect and connect.
Change-Id: I513495797f2538fc8887ff0a9ce04e13035e0549
CRs-Fixed: 2238104
Currently the channel list received from the SETROAMSCANCHANNELS
driver command is passed directly to the FW without checking if it
contains any invalid channels leading the firmware to assert if the
list contains unsupported channels.
Validate the channel list received from the ioctl with the base
channel list and send to firmware only if all the channels in
the list are valid.
Change-Id: Ia502eecb97e34de854a75a6af7ffb8ccc02a7e52
CRs-Fixed: 2231242
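
The two SETROAMSCANCHANNELS fixes above (the missing NULL check and the validation against the base channel list) can be pictured together in one parser. This is an added example, not code from the driver: the function name, `MAX_ROAM_CHANNELS`, the `base_channels` table and the exact byte layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ROAM_CHANNELS 20   /* assumed cap, not the driver's constant */

/* Constructed stand-in for the driver's base (supported) channel list. */
static const uint8_t base_channels[] = { 1, 6, 11, 36, 40, 44, 48, 149 };

static int channel_supported(uint8_t ch)
{
    for (size_t i = 0; i < sizeof(base_channels); i++)
        if (base_channels[i] == ch)
            return 1;
    return 0;
}

/* args/len: bytes after the command name, assumed to be laid out as
 * [count][ch_0]...[ch_count-1][0x00].
 * Returns the number of channels copied to out, or -1 on malformed input. */
int parse_roam_scan_channels(const uint8_t *args, size_t len,
                             uint8_t out[MAX_ROAM_CHANNELS])
{
    if (args == NULL || len < 2)
        return -1;
    size_t count = args[0];
    if (count == 0 || count > MAX_ROAM_CHANNELS)
        return -1;
    /* count is user-controlled: count byte + channels + terminator must fit. */
    if (count + 2 > len)
        return -1;
    for (size_t i = 0; i < count; i++) {
        uint8_t ch = args[1 + i];
        /* A zero byte before the declared end means count was overstated. */
        if (ch == 0 || !channel_supported(ch))
            return -1;
    }
    if (args[1 + count] != 0)
        return -1;
    memcpy(out, args + 1, count);
    return (int)count;
}

int main(void)
{
    const uint8_t overstated[] = { 10, 1, 6, 0 };   /* constructed input */
    uint8_t out[MAX_ROAM_CHANNELS];
    printf("%d\n", parse_roam_scan_channels(overstated, sizeof(overstated), out));
    return 0;
}
```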
If FEATURE_WLAN_ESE is disabled, there is a compilation error.
Remove the definition of hdd_wmm_inactivity_timer_cb and
hdd_wmm_disable_inactivity_timer if FEATURE_WLAN_ESE is disabled
as these apis are not getting used anywhere.
Change-Id: I2c236f63429bdc738be9ccb06f9671b694fd9a5d
CRs-Fixed: 2238180
Currently when transferring SSID information from the nl80211 TLV to
the internal data structure hdd_fill_pmksa_info() always copies
SIR_MAC_MAX_SSID_LENGTH bytes which can overread the buffer. In order
to prevent overread only copy as many bytes as the TLV contains.
Note that the destination buffer passed to hdd_fill_pmksa_info() is
always zero-filled so no additional zeroing of bytes is required.
Change-Id: I1f6773b70e9e728d6b1ce93ca26417348e96844c
CRs-Fixed: 2237462
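
The SSID overread fix above and the earlier SET_PASSPOINT_LIST realm fix both come down to trusting the attribute's own length rather than a fixed maximum or `strlen()`. The following is an added example, not the driver's code: `struct ssid_info`, `fill_ssid`, `copy_realm` and `MAX_REALM_LEN` are hypothetical names, and `MAX_SSID_LEN` stands in for `SIR_MAC_MAX_SSID_LENGTH`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SSID_LEN  32   /* 802.11 SSID maximum; stand-in for the driver macro */
#define MAX_REALM_LEN 64   /* assumed size for this example */

struct ssid_info {         /* hypothetical destination structure */
    uint8_t length;
    uint8_t ssid[MAX_SSID_LEN];
};

/* Copy exactly as many bytes as the attribute carries, never a fixed maximum.
 * This example zeroes dst itself rather than relying on the caller. */
int fill_ssid(struct ssid_info *dst, const uint8_t *attr, size_t attr_len)
{
    if (dst == NULL || attr == NULL || attr_len == 0 || attr_len > MAX_SSID_LEN)
        return -1;
    memset(dst, 0, sizeof(*dst));
    memcpy(dst->ssid, attr, attr_len);
    dst->length = (uint8_t)attr_len;
    return 0;
}

/* Accept a realm only if a terminator lies inside the attribute payload, so
 * later strlen() calls stay in bounds. Returns the string length or -1. */
int copy_realm(char dst[MAX_REALM_LEN], const char *attr, size_t attr_len)
{
    if (dst == NULL || attr == NULL || attr_len == 0)
        return -1;
    const char *nul = memchr(attr, '\0', attr_len);
    if (nul == NULL)
        return -1;              /* unterminated: reject instead of scanning on */
    size_t n = (size_t)(nul - attr);
    if (n >= MAX_REALM_LEN)
        return -1;
    memcpy(dst, attr, n + 1);   /* includes the terminator */
    return (int)n;
}

int main(void)
{
    const char unterminated[4] = { 'a', 'b', 'c', 'd' };   /* constructed input */
    char realm[MAX_REALM_LEN];
    printf("%d\n", copy_realm(realm, unterminated, sizeof(unterminated)));
    return 0;
}
```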
The IOCTL handler mapping code for QCSAP_SET_FW_PROFILE_HIST_INTVL
mistakenly falls through to the next switch case. Add a break to prevent
executing two IOCTL callbacks for QCSAP_SET_FW_PROFILE_HIST_INTVL.
Change-Id: I6b0a17b87c22d1d2be3697456608e8ebe704afed
CRs-Fixed: 2232911