qcacld-2.0 to qcacld-3.0 Propagation.
Operation classes supported can be controlled by user, which can
be sent greater than the max supported operations. This results
in stack overflow in change station command.
Add check to validate operations supported param given by user
and if it exceeds max supported value, set it to max supported
value.
CRs-Fixed: 2002052
Change-Id: Idd3a35e38b091546a17d7ec6329f19429e5c289c
qcacld-2.0 to qcacld-3.0 propagation.
In hdd_set_rx_filter API multicastAddr array being accessed beyond
its size.
Add boundary check for multicastAddr.
CRs-Fixed: 1104565
Change-Id: I8e1543a8f42ac40c04d2c6a17e69718d13cbd706
qcacld-2.0 to qcacld-3.0 propagation.
In __wlan_hdd_cfg80211_testmode API no checks are in place that
ensure that buflen is smaller or equal the size of the stack
variable hb_params. Hence, the vos_mem_copy() call can overflow
stack memory.
Add buf len check to avoid stack overflow
CRs-Fixed: 1105085
Change-Id: I6af6a74cc38ebce3337120adcf7e9595f22d3d8c
Currently, parsing of beacon/probe response leads to flooding of
warning messages in kernel logs.
Remove warning logs in beacon/probe response parsing. Dump IE's
only for parse fail case as debug logs.
Change-Id: I1b6898377cc196a5c4fe3d3316618104fd8b281e
CRs-Fixed: 2079652
NS Offload is not supported in IBSS mode. Configuring it while
in IBSS mode causes crash in firmware.
Do not allow ns offload in IBSS mode.
Change-Id: I1f6cf7b6c65238a9335f828321487ea784a4512b
CRs-Fixed: 2035449
Link stats memory is not freed in case of driver
unload happens before more results is received
from firmware.
Fix is to free link stats memory on wma close.
Change-Id: I3c54a0bc4951c70b2ca7116e37e0b62a5c6b7a2f
CRs-Fixed: 2083603
Currently if only one address is provided in wlan_mac.bin, it is updated
for interface wlan0. It will be copied to interface p2p0 if a specific
configuration is present. softap0 retains its mac address either generated
from serial number or given through Firmware ready event. This doesn't
guarentee a unique mac address to both these interfaces.
Regardless of configuration Both softap0 and p2p0 should have a unique
mac address with locally administered bit set.
Change-Id: I64299f5c2e2376c8dbdb26ea34ba0187d5d1f28d
CRs-Fixed: 2066086
MEMDUMP is disabled in Kbuild, Hence the driver memory dump
command is failing.
Enable WLAN_MEMDUMP in Kbuild
CRs-Fixed: 1117348
Change-Id: Ic468a78305a5df409cf95096dfea38cb27aa7c7c
During peer detach, driver starts a timer to track unmap events
when the sta peer gets deleted. During this duration SSR occurs
and BUG_ON or cds recovery is triggered. This should only happen
in non-recoverable situation, so this scenario should be avoided.
Allow driver to recover from the SSR by checking FW_DOWN bit.
Change-Id: Ieca407e5c9c30f3c4716b7d158a903add46b8bd6
CRs-Fixed: 2078395
Currently during IPA pipes connect host is passing size of each TX
completion ring size as 4 bytes instead of 8 bytes which is expected
by IPA driver. Reason is host passes size of each ring as size of
dma_addr_t which is 4 bytes for 32 bit host architecture where as
bus addresses are of 8 bytes on MAC and IPA. Fix this by passing the
size which is correct and expected by the IPA driver.
Change-Id: Ib081a3819d3a5e4f7ac61606d5ecb9aa5f3242c8
CRs-Fixed: 2037661
Propagation from qcacld-2.0 to qcacld-3.0.
There is a possibility to read uninitialized memory within api
__wlan_hdd_cfg80211_testmode.
To resolve this issue, initilaize buffer hb_params with zero.
Change-Id: Ia8061610a8c35aa7290177c0dcd2c5c36d9fcb35
CRs-Fixed: 2075796
The vendor command QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_GET_VALID_CHANNELS
coming in netdev down state resulting in crash.
Add WIPHY_VENDOR_CMD_NEED_RUNNING flag to reject the vendor command
QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_GET_VALID_CHANNELS if netdev is down.
CRs-Fixed: 1109145
Change-Id: I007341a51ccdd1b5cf5b6e2319c8b71d4f26f9ce
Currently sending qpower to FW in softap mode causes device to crash as
qpower config is not supported.
Enable QPOWER config in STA and P2P-CLI modes.
Change-Id: Idb8b3ac79e6c93533b752ac42d6ab57bb0c86579
CRs-Fixed: 2003839
In csr_validate_wep(), return value of csr_get_oui_index_from_cipher() is
used to fetch 'csr_wpa_oui' value. csr_get_oui_index_from_cipher() returns
0-14 but no.of rows of 'csr_wpa_oui' is 7.
Add changes to validate index value before accessing 'csr_wpa_oui' array.
Change-Id: I0cf16f4e8fb2c07a489991f20bc345e97b2450e0
CRs-Fixed: 2077599
Currently when driver send log flush command to firmware,
driver start timer of 10 sec.
Reducing this time to 3 sec as 10 is long timer.
Change-Id: I697fa6a4709fa0128595fb2b15493b1fa2b13b35
CRs-Fixed: 2037033
The Estimated Service Parameters element is
used by a AP to provide information to another STA which
can then use the information as input to an algorithm to
generate an estimate of throughput between the two STAs.
The ESP Information List field contains from 1 to 4 ESP
Information fields(each field 24 bits), each corresponding
to an access category for which estimated service parameters
information is provided.
Change-Id: I4d299ffbf0700574c0b207893dbbfc4fd3911849
CRs-Fixed: 2079816
Currently while registering wiphy, supported Beamformee STS Capability
and Number of Sounding Dimensions are not updated in the vhtcap field.
This results in hostapd failing to start if above two configurations
are enabled in the conf file.
Update missing vht capabilities in wiphy before registering.
Change-Id: I8db376fe1f14fd5b722e67a5889addf4c2fb7f28
CRs-Fixed: 2062520
In packet log header, element type_specific_data used uninitialised.
Initialise type_specific_data.
CRs-Fixed: 2015997
Change-Id: Ifa2bdc4c10528c8e9781249058e1767d64bec60e
qcacld-2.0 to qcacld-3.0 propagation
In sir_convert_assoc_resp_frame2_struct(), 'pAssocRsp->ricPresent' is set to
true when 'num_RICDataDesc' is 0, this causes qdf_mem_malloc() to be called
with invalid length 0.
Add change to validate 'num_RICDataDesc' to avoid above issue.
Change-Id: If5e59477efa4df01ca216904645babf769b55c47
CRs-Fixed: 2078891
In unpack tlv, length of tag and length fields are not considered
while checking for min length for the tag, this result into failure
in unpacking the TLV.
Fix it by including length of tag and length fields while checking
for min length.
Change-Id: Icf06b935a883e41426f5fcd1668ad8461b58349f
CRs-Fixed: 2070452
Add support for rssi based assoc rejection from a bssid and
Try to connect to this bssid only after time interval indicated in
Assoc reject or when rssi has improved by margin indicated in Assoc
reject.
On connection send OCE rssi reject BSSID list to firmware so that
firmware will avoid connecting to these BSSID until RSSI improve or
delta interval has elapsed.
Change-Id: I792b2874ed25227bf5fd09d8051549da96db4364
CRs-Fixed: 2070452
Add support to handle rssi based assoc rejection from a bssid and
Try to connect to this bssid only after time interval indicated in
Assoc reject or when rssi has improved by margin indicated in Assoc
reject.
Change-Id: I6363bf5346ff8804611afbac3058819dc820092d
CRs-Fixed: 2070452
Trigger packet logs if deauth/Disconnect comes with reason code
other than eSIR_MAC_UNSPEC_FAILURE_REASON,
eSIR_MAC_DEAUTH_LEAVING_BSS_REASON,
eSIR_MAC_DISASSOC_LEAVING_BSS_REASON
Change-Id: I906abf4e4b7c7b9fb109fa1ead1afed15a9f5e81
CRs-Fixed: 2071173
In packet logs currently HB failure, HO failure and No scan results
are marked as Non Fatal and because of that, these failures are not captured
in packet logs.
Fix this by making these events as FATAL.
Change-Id: I6db2f3cd843b7f84081332f2385fbfb0a2992078
CRs-Fixed: 2061842
In certain cases HDD fails to receive callbacks for the scan requests
queued to SME. Kernel may free up these scan requests due to timeout.
During driver shutdown and exit if scan done is performed on these
stale scan requests, kernel crash may occur.
Set a timer of 60 seconds on queued scan requests, after expiry BUG_ON
for debugging purposes.
Change-Id: I6db155b17a8a5ae87208ec84eaab221a53623a63
CRs-Fixed: 2070594
If registration of callback 'hdd_send_action_cnf_cb' fails with PE due
to some error case, then PE is not going give the ack confirmation
for action frames which can lead to in p2p connection failure.
CRs-Fixed: 2075708
Change-Id: Ia7b670f186975f5139e37e79230de56bc8ab868b
During wlan disconnect before disabling tx queues, observed continuous
logs in ndo_start_xmit, because of invalid station ID, leading to WD bark.
Move log level to info from error, if driver fails to find valid station
ID while processing ndo_start_xmit.
CRs-Fixed: 2022473
Change-Id: I122219d22e2e19ddb3ca6aa60c38177f2a95ac43
sme_set_5g_band_pref is declared inside FEATURE_WLAN_ESE feature flag
by mistake which can cause a symbol undefined error if FEATURE_WLAN_ESE
is not declared.
Move sme_set_5g_band_pref outside of conditional block FEATURE_WLAN_ESE.
Change-Id: I80b045100b068d08873b136fdf676e99e36a57cd
CRs-Fixed: 2016629
Add support for 5Ghz network RSSI boost/penalty preference
based on ini values.
Change-Id: Ia3ae5dcc35b9a85fde5a609f8f27ff8b4bc35cec
CRs-fixed: 1085554
If during set link state, vdev stop fails, then the params pointer
is not removed from the vdev resp queue and set link state rsp is
called which will free this params pointer.
This leads to double free of the params memory when driver try to
remove the req params from vdev resp queue when cleanup vdev resp
queue is called.
To fix this remove vdev stop req from vdev resp queue if vdev stop
fails.
Change-Id: I1da763d2cc35c12c1b55a3c0057b893e9ef8d48f
CRs-Fixed: 2080189
qcacld-2.0 to qcacld-3.0 propagation
On some channel, AP's tranmission power is less than
regulatory tx power as per db.txt. While sending Assoc request,
driver should populate negotiated power (min power of AP's tx power and
regulatory power for operating channel) in Assoc request.
This doesn't happen currently, fix it to ensure that
driver follow negotiated power.
Change-Id: I7755894b72e4f0f7ffc371abbbda5c75b2851b13
CRs-Fixed: 2011396
