If CSA Wide BW IE is present the sec channel offset is always set to
csa_params->sec_chan_offset which is always 0 and thus for next CSA the
BW will always be set to 20 MHz.
To fix this set proper sec channel offset if CSA Wide BW IE is present.
Change-Id: I813b04683cbce3f4f933562c23511de92ce4bcef
CRs-Fixed: 2062475
In case user space disconnects, directly send ROAM_SCAN_OFFLOAD_STOP to FW
to avoid delays in queues.
Change-Id: Ia6e458617818da5ad2e956cd30a203652949db21
CRs-Fixed: 2035160
Beacons with NULL IE's are triggering crash
in framework.
Add condition check in WMA to drop beacons
with NULL IE.
Change-Id: Ie28cd513713668334a77a2e8f5f345d79f68fcb5
CRs-Fixed: 2047525
Beacons from NAN devices triggering crash in framework.
Don't update the NL with the NAN device beacons.
Drop NAN device beacons in WMA before processed by PE.
Change-Id: I754591459d7a02848454d506b85847b1993aac53
CRs-Fixed: 2047525
Vdev restart cmd is sent in vdev stop response handler during the
hidden ssid restart process. Lim sends beacon template cmd after it
sends the hidden ssid restart cmd so beacon template is sent to FW
after the vdev stop cmd and before the vdev restart cmd as vdev
restart is sent during vdev stop response handler.
Send the beacon template after vdev restart is successful during
the hidden ssid restart process.
Change-Id: Ia75bde4ce8c564133e2b2a7bd4011089e52808e7
CRs-Fixed: 2039224
If CSA offload is enabled, FW send the CSA offload event for
the channel switch, so ignore the CSA IE check in beacon and
probe response frame processing.
Change-Id: I3f0d204317a4d26dc503c350307f4c144bf8672d
CRs-Fixed: 2060145
Host should keep the wake lock from the time it sends set hw mode request to FW
till it receives the set hw mode response. This will avoid any fatal
crash condition.
Change-Id: I6ab1020811100be1adbb70b90a06285dc8bed88c
CRs-Fixed: 2060010
Increase packet header bytes to 256, HL1.0 target offload features on
iHelium FW requires header bytes to be increased from 64 to 256bytes.
And round up the HTT_RX_BUF_SIZE to CACHE_LINE_SZ.
Change-Id: Iec45f5747956d0797411f76c2fec1368a13e7d6d
CRs-Fixed: 1039073
During p2p find one or more remain on channel requests are queued
for execution. Memory leak is observed if module exit happens before
roc cancel is called.
Free the memory allocated in the ROC request queue nodes during exit.
Change-Id: I10d77266652f497f556a0a26b617856d81e982a7
CRs-fixed: 2032162
A psoc object is being created in hdd_wlan_startup, but not freed in
case of an error. Free any allocated psoc object in hdd_wlan_startup
as part of the existing error handling.
Change-Id: I6292188c4b92198ea157f6e2f1519b89fc991ad5
CRs-Fixed: 2059166
Add audit comment in cfg80211_conditional_chan_switch to express the intent
why policy table is not used in this API.
Change-Id: Ia2e7dd4d92283794ce389d6c202d4a69338d89bd
CRs-Fixed: 2056564
Currently attributes are not validated in __wlan_hdd_cfg80211_do_acs,
this can lead to a buffer overread.
To resolve this issue, Define an nla_policy and validate the
attributes.
CRs-Fixed: 2054685
Change-Id: Ic1bd5abbef09407f925625b709f10cf9cb7c3d7f
Check if a IE has been encountered more than max possible for that IE
while parsing a frame.
Change-Id: I1054c7df18780469849be55fc4343f09ac502a49
CRs-Fixed: 2058261
WMI beacon template wmi cmd is converged in WMI layer.
Use converged beacon template WMI cmd and legacy cmd
is removed.
Change-Id: Ia76ec059489d9faa7b5420a8eb88c89ffe0807dc
CRs-Fixed: 2038284
Some of the TDLS functions have info level logs and it
causes kernel log buffer overeflow and triggers
WD bite.
Reduce the log level from info to debug.
Change-Id: I2878a617f4e06eea6c3aaafd218e0cbbdd999070
CRs-Fixed: 2043718
If the driver recovery is in progress, unmap events may not come
from firmware. Ignore the peer_unmap timeout in such case.
CRs-Fixed: 2033452
Change-Id: I284c57530a477953247ad325dfaddff72767aecf
Peer may get deleted between the time peer_unmap_timer fires and
the handler gets executed in mc thread context, causing memory
access error. Use qdf_timer_sync_cancel() to wait for the handler
to finish its job before freeing the peer object.
CRs-Fixed: 2026393
Change-Id: Ie60b5c300be529d529f7e836adc0e3be917fe2e8
Initialize peer_unmap_timer during peer attach instead of at the
time of peer detach. Then ol_txrx_unref_delete can destroy
the timer without peer detach getting called earlier.
CRs-Fixed: 2014183
Change-Id: Icebec27d5562350871a89b5cf71ae99f096feee8
Add a timeout handler that fires off 6000 ms after peer detach
operation is initiated. Used for debugging the scenario of missing
peer unmap events after deleting a STA type peer.
CRs-Fixed: 1109867
Change-Id: Iad18f374ba3c1458c5214befd1d5c1517a7bdedf
RX wake lock is only required for:
1) Unicast data packets
2) Local ARP data packet
Fix logic in hdd_is_arp_local() such that RX wake lock is only
acquired for above 2 data packet types.
Change-Id: I38899ed19f3481396663ba316abab0965e2cec56
CRs-Fixed: 2044288
Currently in __wlan_hdd_cfg80211_p2p_lo_start() there are multiple
issues with the incoming cfg80211 vendor command handling:
1) A policy is not supplied when invoking nla_parse() which prevents
basic sanity of the incoming attribute stream.
2) The length of attribute QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_DEVICE_TYPES
is not properly validated.
3) The length of attribute QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_VENDOR_IE
is not properly validated.
To address these issues:
1) Create an appropriate nla_policy and specify this policy when
invoking nla_parse().
2) Validate the length of QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_DEVICE_TYPES
properly to prevent potential over read.
3) Validate the length of QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_VENDOR_IE
properly to prevent potential over read.
Change-Id: I0a76dad8cccc6158f7ef3da293a6462acd839bfb
CRs-Fixed: 2054755
Current driver sends association response when it receives reassociation
request which creates the IoT issue.
Fix the sub type.
Change-Id: Id86966794cf45e4596473fb68e9b400489bc7041
CRs-Fixed: 2014103
The HIF portion of Unit-Test suspend has been refactored. Update HDD to
use the updated Unit-Test Suspend APIs.
Change-Id: Id10f6f5811e836844980b929f2747b1238bcf95d
CRs-Fixed: 2055332
Make sure to decrement sap context ref count in wlansap_roam_callback
for failure case also, else this will prevent freeing sap context memory
in during driver unload in wlansap_close().
Change-Id: I07bd8a254196e2fc38018b738b20a9f6746d6b92
CRs-Fixed: 2012433
In case HT peer rates are malformed and MCS 0-7 are not supported
set them forcefuly because as per spec, a 11n connection must support
MCS 0-7
Change-Id: If599c1478b9d3231da589576ef5ba9236b58ce4c
CRs-Fixed: 2059506
There is a buffer overflow while using sscanf.
To resolve this, use sscanf according to buffer length.
Change-Id: Ida2444b42ef6b73ea6f55735166df941158a6e50
CRs-Fixed: 2059779
In LIM, move functionality to find session for a given MAC address in
separate function so that this code can be reused by other functions
if needed.
In HDD, remove logic added to find adaptor for a given MAC, instead use
existing function hdd_get_adapter_by_macaddr.
Change-Id: I989f09ffcbee3a717c22c267a01dafd1b404da64
CRs-Fixed: 2004223
