The Android Packet Filter (APF) is the preferred method for filtering
packets, but the legacy Packet Filter may also be used. In order to
encourage the use of APF over Packet Filter, disable Packet Filter by
default. Customers may still enable Packet Filter via setting
gDisablePacketFilter=0 via ini configuration.
Change-Id: I581a4001167571efbc7c1c1738c5585e4bde0611
CRs-Fixed: 2195111
If force SCC is enabled and there is a STA connection, trim the
ACS channel list on the band on which STA connection is present.
Change-Id: Ibd580a7afdcdfc5fb4398ada547565e229d59c70
CRs-Fixed: 2191792
PE is not freeing the second level of allocated memory during MC
thread message queue flush logic and hence leaking the memory.
Free second level of allocated memory in pe_free_message such
that message posted from WMA is still freed even if MC thread is
shutdown during driver unload/SSR.
Change-Id: I6a88d3b331c29496bc7c1d9e451c97206a2b85cf
CRs-Fixed: 2192884
After successful connection, if interface down(STA) happens on DUT
and if AP changes data rates before interface up happens, there
is a possibility of STA to send packets at older data rates, because
of holding older scan results in SME scan cache. This results in using
stale scan result even after wifi turn off and on. If stale scan result
is used and if AP has updated some params like rates DUT will not be
using those supported rates for tx which is an issue.
To mitigate this issue, flush scan results on STA interface down.
Also, make sure there are no other STA interfaces before flushing
scan results.
Change-Id: I3505c128276fa8e5e05ea5d9110eb75275a746e9
CRs-Fixed: 2171523
If force rsne is set i.e testbed STA mode, the auth type and
encryption type set in RSNE provided, may not match with the AP.
In this case driver will not find the AP in filtered scan result
using the encryption and auth type provided in RSNE.
Thus no Assoc req is sent to AP and the test case fails.
As part of the fix set all authtype and RSN encryptions in filter
so that driver is able to find the AP and send Assoc request.
Change-Id: If99df221b10c5276f902df2f0a52b87e4df1be2c
CRs-Fixed: 2192174
Add ini support to Enable/Disable chain selection optimization
for one chain dtim.
Change-Id: I95999a4204f2d978abc9951688332400b9670f0e
CRs-Fixed: 2189150
In SSR or driver unloading case, directly exit may cause obj
leak. Free the objects in those cases, regardless of
sme_close_session status
Change-Id: Iaf0500aca23917f84c37848cd3abade66b7d7456
CRs-Fixed: 2187579
In sap_update_rssi_bsscount, bss count for channels is
incremented based on offset only and does not consider
if channel on which scan result is received and the
offset channel belong to same band. This could result
in incorrect increment of bss count for some channels
when channels from both bands are present.
Fix is to increment bss count based on channel offset
only if both channels belong to same band and also
choose channel with lower bss count among the channels
having least weight.
Change-Id: Icee978fc40047782c79fe36cba29e3feed3c90aa
CRs-Fixed: 2191324
If Deauth/Disassoc timer is currently running when lim_cleanup
happens due to SSR, the memory allocated for Disassoc/Deauth Req in
mac context is not freed leading to memory leak.
Free Deauth/Disassoc Requests stored in mac context in lim_cleanup
Also check for existing Deauth/Disassoc Request pointers stored in
mac context and free it before assigning it to point to the
current request.
Change-Id: Id7e221bd9d5061ecaa9b73a4fe1dc0f465f68aa9
CRs-Fixed: 2191131
In function wma_vdev_stop_resp_handler, resp_event->vdev_id is
received from the FW and is used to access the interfaces array in
wma_handle. This could lead to OOB read/write if the vdev_id
received from the FW is greater than or equal to max_bssid.
Add check to return failure if resp_event->vdev_id is greater than
or equal to max_bssid in wma_vdev_stop_resp_handler
Change-Id: I1af5312e6c45db3b9ba03fbf45de3d3c2a7fab20
CRs-Fixed: 2185477
Is firmware down check is added explicity in some api's and insome
northbound interfaces it is not added resulting in waiting for
firmware response even when the firmware is down.
Move firmware down check to validate context umbrella where
other driver states are validated.
Change-Id: I42a520f8a573825fde55a40dd03bb942f8a34b9c
CRs-Fixed: 2188938
Currently in case of static driver, wififtmd which writes into the
bootwlan and wifi-service which writes into the state_ctrl_param
executes in parallel. The handler of boot_wlan and state_ctrl_param
in driver intialize this wlan_start_comp variable and wait for its
completion. If one handler is already waiting on this event and other
handler reinitalize the event then it leads to the instability.
To mitigate this issue
1) set the driver loaded state to true and then complete the
wlan_start_comp event.
2) create the state_ctrl_param fs only once the boot_wlan handler
wait is completed for probe.
CRs-Fixed: 2158126
Change-Id: Ia51811a0dd2c5b52f7eee781c4d4620174de3649
In lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message, length passed
to unpack RSN IE is total length of WPA and RSN IE. So if only WPA IE
is present in assoc request, the RSN IE parser will try to validate the
buffer beyond the RSN IE and might fail as the buffer belongs to WPA IE.
Pass appropriate length to unpack RSN IE.
Change-Id: Ie679e67061e7ac622e8e76b285a32135a60ca6e8
CRs-Fixed: 2189926
As part of csa or opmode IE handling program phymode param after
ch_width since firmware expects channel width to be programmed
before phymode.
Change-Id: I46e3a5e1ce94fa53e27f821e70c29e209e591865
CRs-Fixed: 2186030
If command type is FTM_IOCTL_UNIFIED_UTF_RSP set copy_to_user
flag to return proper data to userspace.
Change-Id: I5f4a1e147f3d1dc162001ceb69fa6823b3158787
CRs-Fixed: 2191046
HDD IOCTL __iw_setnone_getint is not releasing SME config memory
in error case properly and hence leading to memory leak. Fix this
SME config memory leak by properly freeing it before returning from
__iw_setnone_getint.
Change-Id: Ie50259a639edb2cfa63cd3bbe7cac8bb8ebb7654
CRs-Fixed: 2191041
Upon receiving a ROAM_START from the firmware,
cancel the current scans which is similar to
initial connection which will avoid unnecessary
frames to the host during the connection process.
Change-Id: I0c9a4dd7cd4d58e0583cc44b5e33e88728eb70bb
CRs-Fixed: 2174921
In handling assoc request make sure to use VHT IE or vendor VHT IE
appropriately for suBFormee/suBFormer calculation.
Change-Id: I3934a0c7229a8a400d1aa54fe3bf0bc3513d4d70
CRs-Fixed: 2159206
Currently, driver allows multiple acs scan requests at a time. Due to this
race conditions can occur and causes "use after free" issue for variable
channelList. To avoid race condition, driver should allow only one acs scan
request at a time.
Add a new atomic variable to make sure that if one acs scan request
is in process, the driver should reject all further acs scan requests.
Change-Id: I7aa2f4df0dd4c6ca8ff791fe462d142fc7b3e691
CRs-Fixed: 2176354
Packetlog initialization is failing as txrx_get_pldev API is missing,
which returns paketlog object from the given pdev.
Add txrx_get_pldev API to get packet log object for the given pdev.
Change-Id: I2219a5c0964e76637ff8dbef92661b98cd22fb28
CRs-Fixed: 2189211
Currently in hdd_get_sta_connection_in_progress, conn_info.uIsAuthenticated
is used to check if the STA connection is in progress. However, this might
not reflect the actual state and might still lead to the deadlock scenario
fixed in I23ad1fc96882abeaae2d1b051659ea6d24b07428.
Add new API to check for SME state for key exchange in progress and
use it in hdd_get_sta_connection_in_progress.
Change-Id: I7d6199ed8c81a113c4e3f30538d74fb675e730ff
CRs-Fixed: 2189814
