One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_CLEAR_STATS has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I51e72ccf83a6b63792c17d6c65daca6571ef21bb
CRs-Fixed: 2341122
Remove legacy cfg items definitions and related macros for the
converged CFG items.
Change-Id: I12944f50d68dafe989417dda777f29a6233c97a4
CRs-Fixed: 2340856
When the firmware crashes platform driver notifies the driver
through CNSS_FW_DOWN. Since firmware down support is not
present for the PCI bus, The driver flags for target ready
and recovery flags are not getting set resulting in the commands
sent to firmware.
Add the firmware down support for the pci bus.
Change-Id: I20db3698602ea273038a3f024b4e5f61639f6d74
CRs-Fixed: 2338570
When beacon report request action frame is received,
rrm_process_beacon_report_req() is called and num_channels value
is calculated from the action frame directly from user. This
value is assigned to pSmeBcnReportReq->channelList.numChannels
and this num channels value along with the channel list is
posted to sme for further processing. The sme function
sme_rrm_process_beacon_report_req_ind() processes this sme
message eWNI_SME_BEACON_REPORT_REQ_IND. In this function,
the channels in channel list are looped through the received
value pBeaconReq->channelList.numChannels and is copied to the
destination pSmeRrmContext->channelList array from the
pBeaconReq->channelList.channelNumber[] array.
The maximum possible number of channels in channel list
BeaconReq->channelList.channelNumber[] allocated statically
in the definition of tSirChannelList is
SIR_ESE_MAX_MEAS_IE_REQS (8).
So when the pBeaconReq->channelList.numChannels, possible OOB
read occurs.
Validate the value of pBeaconReq->channelList.numChannels
received from the action frame against the maximum supported
number of channels in channel list SIR_ESE_MAX_MEAS_IE_REQS (8).
Place this validation inside the function
sme_rrm_process_beacon_report_req_ind() instead of validating it
at rrm_process_beacon_report_req() so that it defends from other
caller sme_set_ese_beacon_request() which is from user space
command through IOCTL.
Change-Id: I2074b04081328ceab7eeb29c33631a635e9d93c3
CRs-Fixed: 2335974
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_AMSDU has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I74bbc055c1587fff548512f4c7f325f75345eb95
CRs-Fixed: 2340147
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_VHT_RATE has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I07299bcc7e1cba7b5ceced3ba1cf22c470cb448e
CRs-Fixed: 2340146
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_11N_RATE has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: Iea2ee6bc53a56bb92497d42ac057e6663bc07097
CRs-Fixed: 2340145
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_RTSCTS has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I9f17824abe6ac9e60cc908c46661fe991ecfd9aa
CRs-Fixed: 2340144
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_SHORT_GI has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: Ica2a50216c413985f05a2771641be439c6c9d8cd
CRs-Fixed: 2339229
hdd_set_rx_stbc() is called from both the STA and SAP ioctl
handlers. In the STA case the caller checks the mac_handle, but in the
SAP case the mac_handle is not checked. This could result in a bad
mac_handle being used in the SAP case. In order to cover both cases
relocate the mac_handle test to hdd_set_rx_stbc().
Note that this has the added benefit of reducing the cyclomatic
complexity of __iw_setint_getnone(), one of the HDD functions with the
highest complexity.
Change-Id: I9442a8a46da4066c8b4dafe2cf9ce64f608bb3a9
CRs-Fixed: 2339228
hdd_set_tx_stbc() is called from both the STA and SAP ioctl
handlers. In the STA case the caller checks the mac_handle, but in the
SAP case the mac_handle is not checked. This could result in a bad
mac_handle being used in the SAP case. In order to cover both cases
relocate the mac_handle test to hdd_set_tx_stbc().
Note that this has the added benefit of reducing the cyclomatic
complexity of __iw_setint_getnone(), one of the HDD functions with the
highest complexity.
Change-Id: Ie7a01ddbfb958ab87b7baf11e93d8a86c32744b7
CRs-Fixed: 2339227
hdd_set_ldpc() is called from both the STA and SAP ioctl handlers. In
the STA case the caller checks the mac_handle, but in the SAP case the
mac_handle is not checked. This could result in a bad mac_handle being
used in the SAP case. In order to cover both cases relocate the
mac_handle test to hdd_set_ldpc().
Note that this has the added benefit of reducing the cyclomatic
complexity of __iw_setint_getnone(), one of the HDD functions with the
highest complexity.
Change-Id: I97827ee257c9e15e24468ed9800080375f082ff1
CRs-Fixed: 2339226
According to the current code flow of con_mode_handler, the
WLAN modules are stopped, adapter is opened in FTM mode and then
the modules are started. Due to the INI/CFG value accces done as
part of opening the adapter, and since the modules are stopped
at this point, it results in a use after free scenario.
Modify code sequence of con_mode_handler to WLAN start modules
before opening the adapter in FTM mode.
Change-Id: I94afb9b2a3751247b4ae95e27b1374b25890a9d7
CRs-Fixed: 2339777
There is an incorret valid pointer checking after memory
allocation for monitor mode, which will cause net device up
failure. Fix this incorrect checking.
CRs-Fixed: 2338747
Change-Id: Ib1dd4d85ce7e7cace1167a082c103fb0300eb16a
Remove the definition of following INI & CFG Items
for VHT caps which is common for HT and HE caps.
CFG_VHT_LDPC_CODING_CAP
CFG_VHT_SHORT_GI_80MHZ
CFG_VHT_SHORT_GI_160_AND_80_PLUS_80MHZ
CFG_VHT_TXSTBC
CFG_VHT_RXSTBC
CFG_VHT_RX_MCS_MAP
CFG_VHT_TX_MCS_MAP
CFG_VHT_BASIC_MCS_SET
Change-Id: I55390c3391a0be272c609030dae232d767111fcf
CRs-Fixed: 2333183
FW expects the MU EDCA params after vdev up as it checks for
active vdev to save the MU EDCA params. Send the MU EDCA params
to FW after vdev up is sent to FW.
Change-Id: Ia7689f1bad884e73098020e5508f669d9b8881d7
CRs-Fixed: 2337827
Update Nss routine always returns failure status to user space.
Fix issue to send correct response to user space.
Change-Id: I12342ee531fc790b3042d8dcd8f5bb4b7a97e9fe
CRs-Fixed: 2340073
During csr stop, csr_roam_close_session try to purge all the pending
commands for the vdev. But as vdev is already logically deleted,
the cmds are not purged as the purge by vdev API fails to get the
vdev ref.
As in csr stop, driver clean up all the sme session so instead of
calling purge commands for vdev, call purge cmd for all the vdev.
Also the active command timeout for the delete vdev is 30 sec while
HDD waits for 15 sec. The active command timeout should be less
than the HDD timeout. Thus set active cmd timeout as 10 sec and
HDD timeout as 11 sec
Change-Id: I1d45de261c50f1835379a9cc1df4631f3e32f459
CRs-Fixed: 2339694
In wma_vdev_resp_timer(), while handling WMA_DELETE_BSS_REQ if
wma_crash_on_fw_timeout() is true, SSR is triggered, but timer
event_timeout isn't destroyed, wma_target_req, and user_data
isn't freed, result in timer and mem leak.
Change-Id: Ic47af43de671d195c6addd0360b96305af15d9bf
CRs-Fixed: 2337211
As part of PCIe power management for new WLAN devices, it requires
asserting WAKE register before accessing any MMIO registers outside
first 4K range. Add the APIs support in PLD for WLAN host driver.
Change-Id: I307cc6688fca58a52a6eaf3982d675c7a85a6965
CRs-fixed: 2326459
I1bfa8ab7329040c0b5ba989c0d7de7bf7228dd35 moved the idle timeout work
flush in an attempt to address a regression caused by moving the WMI
stop call in Iea53931771afd93ffaeabf704bbaffcf2460284f. Later, the WMI
stop call change was ultimately reverted in
I91046efeab8bc13b9f5c37d5a4d02b66c63e35a9, but the flush call was left
in its new location. Replace the original call site of the idle timeout
work flush, from before Iea53931771afd93ffaeabf704bbaffcf2460284f.
Change-Id: I21d74e02b5491dd3b42bb668329d09e77b416b7d
CRs-Fixed: 2339335
Currently the HDD function with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_NSS has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone(). As part of the
refactoring relocate the mac_handle NULL check to hdd_update_nss()
since that is where it is actually used.
Change-Id: I6fef7680b8013547cb2b8eb649e207e3026144ff
CRs-Fixed: 2338567
Doing the tx desc initialization earlier in ol_tx_hl_base to make sure
all msdu buffers have been mapped before msdu frame is freed if encouter
error.
Change-Id: Iefded014b4a179889e67fa7cc0e0c36e8218dd83
CRs-Fixed: 2337167
this is not required as the session nss has to be 2, which
is expected, and helps to shift back to 2x2 from 1x1, while
hw mode goes to single MAC mode
This reverts commit I54ead1fd26d705a821160b5bc5d816df1d2ab8f4
Change-Id: I3bdcad1df6cc67de2533c89697b8c17d8ac4f573
CRs-Fixed: 2329616
1. Report NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA to
cfg80211.
2. Indicate Random MAC addr frame to source adapter.
Change-Id: Ica66fb43636fc1609febd87b6e6398dac3af25f3
CRs-Fixed: 2322077
Change "qcacld-3.0: Remove sme_set_freq_band()" (Change-Id
I41eeda85754a4d2cb1971dd53eb07a86e5ff4b87") removed the only caller
of csr_set_band(). Since it is now apparently obsolete, remove it.
Change-Id: Ifcfbeecb28964aef82d6b51942436ba18282f1d7
CRs-Fixed: 2339197
Function sme_set_freq_band() is not used. Since it is apparently
obsolete, remove it.
Change-Id: I41eeda85754a4d2cb1971dd53eb07a86e5ff4b87
CRs-Fixed: 2339196
In wlan_hdd_update_phymode() there are two separate calls to
ucfg_mlme_get_vht_channel_width(). In both cases the return status is
checked, and in case of error the following messages is logged:
"Failed to set channel_width"
Since ucfg_mlme_get_vht_channel_width() is a "getter" and not a
"setter" change the log to:
"Failed to get channel_width"
Change-Id: Ifed249e78e4a64d76eae9310da42ee490756337e
CRs-Fixed: 2338478
Currently if ADD_BSS_REQ vdev_start request times out, the
wma_vdev_resp_timer notifies this as ADD_BSS_RSP with failure status
to the upper layer and the SAP FSM moves from STARTING to DISCONNECTED
state. After this the WMA_DEL_STA_SELF_REQ is sent to the FW which does
a VDEV delete. However in cases where the ADD_BSS_REQ has been sent to the
FW but the response has not been received, the FW has the VDEV in started
state and asserts if a VDEV delete is sent without sending a vdev stop.
Send VDEV stop to the FW in case of ADD_BSS_REQ times our in
wma_vdev_resp_timer.
Change-Id: Ib2b95d38cb7fd36b02a738a73dbc1f8102d2169e
CRs-Fixed: 2323293
