Voice traffic is properly prioritized when a TSPEC is added to
the connection. When STA roams to a new AP, TSPEC is negotiated with
that AP, firmware is programmed to handle WMM access classes but
HDD is not notified of this change. This problem shows up only in
non-FT roaming. Ensure that AC flows are reinitialized after roaming.
CRs-Fixed: 2003210
Change-Id: I7b9e07cffa90eb966c4a23ff4c4db420fb0122fe
saved_scan_cmd has many fields that are allocated separately during
profile save operations. Add a routine to free those memory objects,
release the profile and avoid memory leaks.
CRs-Fixed: 2012430
Change-Id: I0d9fcb29ca7f8290692ba4b688ffe025d5b5d747
Data path may be processing received packets while the peer is being
deleted. It may create an extra reference to peer. As a protection,
decrement peer->ref_cnt by the exact number of peer_id_ref_cnt
instead of resetting it to hardcoded value of 1. Peer object will be
freed only after the last reference count is decremented.
CRs-Fixed: 2023550
Change-Id: I457a0fdd9d0bea86d22139090afbd33bdc34f2ed
We have race condition between lro flush of hif_napi_poll and MC thread
lro flush while flushing the ol_txrx_cached_bufq packets for peer. Avoid
the situation by simply marking the all the Rx packets as LRO ineligible
while enqueuing packets to ol_rx_cached_buf.
Change-Id: Ief0d7dd6c25cf45912820f0e237fd1179a57a5c7
CRs-Fixed: 2032674
warning: implicit conversion from enumeration type
'qdf_nbuf_l4_rx_cksum_result_t' to different enumeration
type 'qdf_nbuf_l4_rx_cksum_type_t
Change-Id: If2b7ee179fa260c14cde450cc72272c41a9f4adb
CRs-Fixed: 2055487
warning: implicit conversion from enumeration type 'tDriverType'
to different enumeration type 'enum driver_type' [-Wenum-conversion].
Move enum driver_type to QDF.
Change-Id: Ic89e4ee512a2d70c27324446257286aaafd49839
CRs-Fixed: 2055487
Due to the Change-Id: I3ad995636127a5fda0635549551a24cc5b1bd2c5
PARAM_A_BAND_PELT_THLD was incorrectly replaced with
PARAM_A_BAND_BOOST_THLD.
Fix this and bring back the attribute PARAM_A_BAND_PELT_THLD.
Change-Id: I83d21c2b4662c82d2f26f3bcd10a549889f6df1e
CRs-Fixed: 2055487
Split __wlan_hdd_cfg80211_set_ext_roam_params() into
multiple functions to improve readability of the code and
fix clang warning (-Wframe-larger-than).
Change-Id: I3ad995636127a5fda0635549551a24cc5b1bd2c5
CRs-Fixed: 2055487
Because of obsolete macros FEATURE_WLAN_LFR and WLAN_FEATURE_ROAM_SCAN_OFFLOAD
roaming capability is not properly set in get_supported_features.
Fix this by using the proper macros.
Change-Id: I4dec8c32c71fde01b663e11e60f1da171adee3e4
CRs-Fixed: 2067126
This is a qcacld-2.0 to qcacld-3.0 propagation.
Enable feature bits WIFI_FEATURE_CONTROL_ROAMING,
WIFI_FEATURE_IE_WHITELIST and WIFI_FEATURE_SCAN_RAND.
Change-Id: Ia0f136e038e7da040faae04eaa11bcf56bb72443
CRs-Fixed: 1102187
This is a qcacld-2.0 to qcacld-3.0 propagation
'wrqu->data.length' holds the total number of IE data buffer.
Add a check to make sure the number of remaining data to be read is
greater than or equal to IE length.
Also, advance the buffer pointer to point to the next element only
if next element is present.
Change-Id: Ic60f3e0650f365955dab4099eb8740e9789e00cc
CRs-Fixed: 1100132
Dump the last few (100) DPTRACE records when a cfg80211 disconnect is
received from the userspace with reason code WLAN_REASON_DEAUTH_LEAVING.
Change-Id: Ib370f8d8b71f20364e0da73a1aee5673c0fc4ca4
CRs-Fixed: 2029713
Unify hdd_register_interface() and hdd_register_hostapd(). Update
failure log with error status and device name in case of
register_netdevice(), register_netdev() or dev_alloc_name() failures.
Change-Id: I428c73d473de6dc2e61567129e9f2a7996631729
CRs-Fixed: 2085098
hdd_ipa->sta_connected in WLAN_CLIENT_DISCONNECT case is not under lock
protection and is prone to race conditions.
Fix is to release event_lock after checking sta_connected so as to avoid
possible race conditions.
Change-Id: I6206d5d0cc2cf5df02ab4caf0de810961da21006
CRs-Fixed: 2082525
propagation from qcacld-2.0 to qcacld-3.0.
While processing setpno ioctl, there is an out of bound memory
issue when Host is copying ioctl arguments to a local buffer.
While copying ioctl arguments, make sure valid indices are used.
Change-Id: I03078df7135f5f1daf1d9bead7d4410e58fb848a
CRs-Fixed: 1112355
In module exit context, vdev handle could be destroyed but still we
need to free pending completion tx_desc. And accessing vdev handle
of tx_desc will lead to null pointer derefernce.
Fix is to check vdev handle against null pointer.
Change-Id: Ib4e3127803f7bb0035466ec639401d7f8163598e
CRs-Fixed: 2074184
There can be a race condition happening where frames are being
enqueued in cached buf queue for a peer in one thread whereas
cached buf queue for that same peer is being flushed in another
thread at the same time. This could result in memory leak in buf
queue.
Check for peer validity before enqueueing frames in peer cached
buf queue.
Change-Id: Idfb190def2aabc4439cd551c50aa811bae818ea3
CRs-fixed: 2038457
lim_process_sme_del_all_tdls_peers is defined only when FEATURE_WLAN_TDLS
is enabled, but declared always. There is unknown symbol error when insmod
wlan.ko without this feature. Only declare/define when FEATURE_WLAN_TDLS
is defined to resolve this issue.
Change-Id: I817e5cc2bb22a4242f42c7398cbd00d01ff0a64b
CRs-Fixed: 2034861
Static analyze tool reports error, since NULL check for tHalhandle
is not present. Fix is to add NULL checks.
Change-Id: Ibe68b89809a36e0184523934e7b3aefbd732666a
CRs-fixed: 2083409
Currently, auto powersave timers are deferrable. This means any pending
auto powersave timers will not fire while the device is supended, which
can have a negative impact on wlan power usage. Instead, flush any
pending auto powersave timers during the suspend process, to ensure
powersave is enabled while the device is suspended.
Change-Id: I5911ee30eaf770909b728af73958ba1bbaa8457f
CRs-Fixed: 2080812
Currently when IPA RX WDI pipe connect fails during start modules
host does not clean up the TX pipe which is allocated before the
RX pipe. As part of proper clean up from host in this change
disconnect the TX pipe handle when RX pipe connect returns failure.
Change-Id: Ic037dd2415ab5be497a0617d8151d63219868fd1
CRs-Fixed: 2040146
Setting gForce1x1Exception=1 in ini forces DUT to associate to
buggy AP's which are identified via OUI. Enable this feature by
default on all platforms by setting CFG_FORCE_1X1_DEFAULT=1.
Change-Id: Ic459d821f4aedba966beab8ca8ca977b7b639e34
CRs-Fixed: 2084927
qcacld-2.0 to qcacld-3.0 Propagation.
Operation classes supported can be controlled by user, which can
be sent greater than the max supported operations. This results
in stack overflow in change station command.
Add check to validate operations supported param given by user
and if it exceeds max supported value, set it to max supported
value.
CRs-Fixed: 2002052
Change-Id: Idd3a35e38b091546a17d7ec6329f19429e5c289c
qcacld-2.0 to qcacld-3.0 propagation.
In hdd_set_rx_filter API multicastAddr array being accessed beyond
its size.
Add boundary check for multicastAddr.
CRs-Fixed: 1104565
Change-Id: I8e1543a8f42ac40c04d2c6a17e69718d13cbd706
qcacld-2.0 to qcacld-3.0 propagation.
In __wlan_hdd_cfg80211_testmode API no checks are in place that
ensure that buflen is smaller or equal the size of the stack
variable hb_params. Hence, the vos_mem_copy() call can overflow
stack memory.
Add buf len check to avoid stack overflow
CRs-Fixed: 1105085
Change-Id: I6af6a74cc38ebce3337120adcf7e9595f22d3d8c
Currently, parsing of beacon/probe response leads to flooding of
warning messages in kernel logs.
Remove warning logs in beacon/probe response parsing. Dump IE's
only for parse fail case as debug logs.
Change-Id: I1b6898377cc196a5c4fe3d3316618104fd8b281e
CRs-Fixed: 2079652
NS Offload is not supported in IBSS mode. Configuring it while
in IBSS mode causes crash in firmware.
Do not allow ns offload in IBSS mode.
Change-Id: I1f6cf7b6c65238a9335f828321487ea784a4512b
CRs-Fixed: 2035449
Link stats memory is not freed in case of driver
unload happens before more results is received
from firmware.
Fix is to free link stats memory on wma close.
Change-Id: I3c54a0bc4951c70b2ca7116e37e0b62a5c6b7a2f
CRs-Fixed: 2083603
Currently if only one address is provided in wlan_mac.bin, it is updated
for interface wlan0. It will be copied to interface p2p0 if a specific
configuration is present. softap0 retains its mac address either generated
from serial number or given through Firmware ready event. This doesn't
guarentee a unique mac address to both these interfaces.
Regardless of configuration Both softap0 and p2p0 should have a unique
mac address with locally administered bit set.
Change-Id: I64299f5c2e2376c8dbdb26ea34ba0187d5d1f28d
CRs-Fixed: 2066086
During peer detach, driver starts a timer to track unmap events
when the sta peer gets deleted. During this duration SSR occurs
and BUG_ON or cds recovery is triggered. This should only happen
in non-recoverable situation, so this scenario should be avoided.
Allow driver to recover from the SSR by checking FW_DOWN bit.
Change-Id: Ieca407e5c9c30f3c4716b7d158a903add46b8bd6
CRs-Fixed: 2078395
Currently during IPA pipes connect host is passing size of each TX
completion ring size as 4 bytes instead of 8 bytes which is expected
by IPA driver. Reason is host passes size of each ring as size of
dma_addr_t which is 4 bytes for 32 bit host architecture where as
bus addresses are of 8 bytes on MAC and IPA. Fix this by passing the
size which is correct and expected by the IPA driver.
Change-Id: Ib081a3819d3a5e4f7ac61606d5ecb9aa5f3242c8
CRs-Fixed: 2037661
Propagation from qcacld-2.0 to qcacld-3.0.
There is a possibility to read uninitialized memory within api
__wlan_hdd_cfg80211_testmode.
To resolve this issue, initilaize buffer hb_params with zero.
Change-Id: Ia8061610a8c35aa7290177c0dcd2c5c36d9fcb35
CRs-Fixed: 2075796
The vendor command QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_GET_VALID_CHANNELS
coming in netdev down state resulting in crash.
Add WIPHY_VENDOR_CMD_NEED_RUNNING flag to reject the vendor command
QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_GET_VALID_CHANNELS if netdev is down.
CRs-Fixed: 1109145
Change-Id: I007341a51ccdd1b5cf5b6e2319c8b71d4f26f9ce
Currently sending qpower to FW in softap mode causes device to crash as
qpower config is not supported.
Enable QPOWER config in STA and P2P-CLI modes.
Change-Id: Idb8b3ac79e6c93533b752ac42d6ab57bb0c86579
CRs-Fixed: 2003839
In csr_validate_wep(), return value of csr_get_oui_index_from_cipher() is
used to fetch 'csr_wpa_oui' value. csr_get_oui_index_from_cipher() returns
0-14 but no.of rows of 'csr_wpa_oui' is 7.
Add changes to validate index value before accessing 'csr_wpa_oui' array.
Change-Id: I0cf16f4e8fb2c07a489991f20bc345e97b2450e0
CRs-Fixed: 2077599
Currently when driver send log flush command to firmware,
driver start timer of 10 sec.
Reducing this time to 3 sec as 10 is long timer.
Change-Id: I697fa6a4709fa0128595fb2b15493b1fa2b13b35
CRs-Fixed: 2037033
The Estimated Service Parameters element is
used by a AP to provide information to another STA which
can then use the information as input to an algorithm to
generate an estimate of throughput between the two STAs.
The ESP Information List field contains from 1 to 4 ESP
Information fields(each field 24 bits), each corresponding
to an access category for which estimated service parameters
information is provided.
Change-Id: I4d299ffbf0700574c0b207893dbbfc4fd3911849
CRs-Fixed: 2079816
Currently while registering wiphy, supported Beamformee STS Capability
and Number of Sounding Dimensions are not updated in the vhtcap field.
This results in hostapd failing to start if above two configurations
are enabled in the conf file.
Update missing vht capabilities in wiphy before registering.
Change-Id: I8db376fe1f14fd5b722e67a5889addf4c2fb7f28
CRs-Fixed: 2062520
In packet log header, element type_specific_data used uninitialised.
Initialise type_specific_data.
CRs-Fixed: 2015997
Change-Id: Ifa2bdc4c10528c8e9781249058e1767d64bec60e
qcacld-2.0 to qcacld-3.0 propagation
In sir_convert_assoc_resp_frame2_struct(), 'pAssocRsp->ricPresent' is set to
true when 'num_RICDataDesc' is 0, this causes qdf_mem_malloc() to be called
with invalid length 0.
Add change to validate 'num_RICDataDesc' to avoid above issue.
Change-Id: If5e59477efa4df01ca216904645babf769b55c47
CRs-Fixed: 2078891
In unpack tlv, length of tag and length fields are not considered
while checking for min length for the tag, this result into failure
in unpacking the TLV.
Fix it by including length of tag and length fields while checking
for min length.
Change-Id: Icf06b935a883e41426f5fcd1668ad8461b58349f
CRs-Fixed: 2070452
Add support for rssi based assoc rejection from a bssid and
Try to connect to this bssid only after time interval indicated in
Assoc reject or when rssi has improved by margin indicated in Assoc
reject.
On connection send OCE rssi reject BSSID list to firmware so that
firmware will avoid connecting to these BSSID until RSSI improve or
delta interval has elapsed.
Change-Id: I792b2874ed25227bf5fd09d8051549da96db4364
CRs-Fixed: 2070452
Add support to handle rssi based assoc rejection from a bssid and
Try to connect to this bssid only after time interval indicated in
Assoc reject or when rssi has improved by margin indicated in Assoc
reject.
Change-Id: I6363bf5346ff8804611afbac3058819dc820092d
CRs-Fixed: 2070452
Trigger packet logs if deauth/Disconnect comes with reason code
other than eSIR_MAC_UNSPEC_FAILURE_REASON,
eSIR_MAC_DEAUTH_LEAVING_BSS_REASON,
eSIR_MAC_DISASSOC_LEAVING_BSS_REASON
Change-Id: I906abf4e4b7c7b9fb109fa1ead1afed15a9f5e81
CRs-Fixed: 2071173
In packet logs currently HB failure, HO failure and No scan results
are marked as Non Fatal and because of that, these failures are not captured
in packet logs.
Fix this by making these events as FATAL.
Change-Id: I6db2f3cd843b7f84081332f2385fbfb0a2992078
CRs-Fixed: 2061842
In certain cases HDD fails to receive callbacks for the scan requests
queued to SME. Kernel may free up these scan requests due to timeout.
During driver shutdown and exit if scan done is performed on these
stale scan requests, kernel crash may occur.
Set a timer of 60 seconds on queued scan requests, after expiry BUG_ON
for debugging purposes.
Change-Id: I6db155b17a8a5ae87208ec84eaab221a53623a63
CRs-Fixed: 2070594
If registration of callback 'hdd_send_action_cnf_cb' fails with PE due
to some error case, then PE is not going give the ack confirmation
for action frames which can lead to in p2p connection failure.
CRs-Fixed: 2075708
Change-Id: Ia7b670f186975f5139e37e79230de56bc8ab868b
During wlan disconnect before disabling tx queues, observed continuous
logs in ndo_start_xmit, because of invalid station ID, leading to WD bark.
Move log level to info from error, if driver fails to find valid station
ID while processing ndo_start_xmit.
CRs-Fixed: 2022473
Change-Id: I122219d22e2e19ddb3ca6aa60c38177f2a95ac43
sme_set_5g_band_pref is declared inside FEATURE_WLAN_ESE feature flag
by mistake which can cause a symbol undefined error if FEATURE_WLAN_ESE
is not declared.
Move sme_set_5g_band_pref outside of conditional block FEATURE_WLAN_ESE.
Change-Id: I80b045100b068d08873b136fdf676e99e36a57cd
CRs-Fixed: 2016629
Add support for 5Ghz network RSSI boost/penalty preference
based on ini values.
Change-Id: Ia3ae5dcc35b9a85fde5a609f8f27ff8b4bc35cec
CRs-fixed: 1085554
If during set link state, vdev stop fails, then the params pointer
is not removed from the vdev resp queue and set link state rsp is
called which will free this params pointer.
This leads to double free of the params memory when driver try to
remove the req params from vdev resp queue when cleanup vdev resp
queue is called.
To fix this remove vdev stop req from vdev resp queue if vdev stop
fails.
Change-Id: I1da763d2cc35c12c1b55a3c0057b893e9ef8d48f
CRs-Fixed: 2080189
qcacld-2.0 to qcacld-3.0 propagation
On some channel, AP's tranmission power is less than
regulatory tx power as per db.txt. While sending Assoc request,
driver should populate negotiated power (min power of AP's tx power and
regulatory power for operating channel) in Assoc request.
This doesn't happen currently, fix it to ensure that
driver follow negotiated power.
Change-Id: I7755894b72e4f0f7ffc371abbbda5c75b2851b13
CRs-Fixed: 2011396
Currently if the peer is not registered, we add packets to a cached_bufq
(within a peer). In case the peer is not registered for quite a long
time, or if the vdev->rx pointer is somehow not set (when the vdev is
associated), this will lead to large number of nbufs from the FW being
added to this list. Eventually, we will run out of memory trying to add
nbufs to this list.
Keep an upper threshold on the number of elements in the cached_bufq.
Drop elements once the threshold is reached.
Change-Id: I02db9347addd77976f1d84897eee20d1e6f9c4ec
CRs-Fixed: 2026991
qcacld-2.0 to qcacld-3.0 propagation
Currently, driver doesn't consider tx power which was negotiated
at the time of connection for max tx power for RRM Link Measurement
Request.
Fix this by not allowing tx power more than pSessionEntry->maxTxPower.
Change-Id: Idebe6d11e05da0b3b8186e2c84ff8ad4ac124fdc
CRs-Fixed: 2021835
When Driver does disconnect as part of heartbeat failure
or kickout event, trigger fatal event to capture pktlog.
Change-Id: I43a486afeccc4acd4be542357b803d492afde9c0
CRs-Fixed: 2030718
Currently, a hard-coded enhanced multicast filter configuration is being
sent to firmware. Instead, create a set of enable/disable APIs, and
configure enhanced multicast filter based on advertised firmware
capability.
Change-Id: I488b4a921612e1081266be8831be098d755375f9
CRs-Fixed: 2078615
