If the ssid_len was greater than the PRE_CAC_SSID string,
memcmp would do an out of bounds memory read. Fix by
adding a length check.
Change-Id: I0d72cfdb2faea74db06640df7418f2a7aecd9afb
CRs-Fixed: 2098988
Stats printing with excessive loops should not go to the console.
Avoids watch-dog bites.
Change-Id: I2ff67827d8bb975bc4ddbb4d70c88283e8ea231e
CRs-Fixed: 2088027
qcacld-2.0 to qcacld-3.0 propagation
The txrx_fw_stats cmd will allocate a req object before sending the cmd
to the firmware; this memory is only freed when a response is received from
firmware. The memory leak will appear if the firmware doesn't respond in time
before the driver unloads.
This fix will add a pending queue to trace this req object in the pdev.
When pdev is detaching, it will clean up this queue to avoid memory leak.
Change-Id: I35f6216d35befbab978bba161252b305488bd34c
CRs-Fixed: 2116408
The Wow pattern id should be identified uniquely for different vdevs of
legacy firmware, and the latest firmware accepts the same Wow pattern id on
different vdevs.
This change is to differentiate this behavior using
WMI_SERVICE_UNIFIED_WOW_CAPABILITY flag, and supply a set of APIs to
manipulate pattern id.
Change-Id: I5fe7623a309a0c3baa14fb7312107c057e994462
CRs-Fixed: 2103017
Info level logs are logged on console, hence change PMO logs in
wlan_pmo_tgt_gtk.c to debug log level to avoid excessive console
logging.
Change-Id: I8f19e8651927a7c3cae9ee1e1118f983c063b3ed
CRs-Fixed: 2116340
Info level logs are logged on console, hence change PMO logs in
wlan_pmo_ns.c to debug log level to avoid excessive console logging.
Change-Id: I60620f6a3ce4fe708f026a554a5295c1f708f485
CRs-Fixed: 2116335
Info level logs are logged on console, hence change PMO logs in
wlan_pmo_arp.c to debug log level to avoid excessive console logging.
Change-Id: I4eef5203f612b3ddaace30d4da43c13103dd60c7
CRs-Fixed: 2116328
sap_dfs_is_channel_in_nol_list will return true even for the channels
which are not in the nol list.
When sap_dfs_is_channel_in_nol_list gets bonded channels, it gets the
bonded channels of current channel of the sap rather than the input
channels, so after radar is detected, the current channel of the sap
is in nol list, and sap_dfs_is_channel_in_nol_list returns true for
all input channels.
sap_dfs_is_channel_in_nol_list should get the bonded channels of input
channels.
CRs-fixed: 2105496
Change-Id: I7c5fc06c66c004aa5c1a208376d1ab4b88956a6f
Info level logs are logged on console, hence change PMO logs in
wlan_pmo_suspend_resume.h to debug log level to avoid excessive
console logging.
Change-Id: I77edb26ce3eb61573bba830787fe0ffb32eb6281
CRs-Fixed: 2116321
Info level logs are logged on console, hence change PMO
logs in wlan_pmo_main.c to debug log level to avoid excessive
console logging.
Change-Id: I1f3c00537ce850079a06aaf479bdb917e7ea55e2
CRs-Fixed: 2116314
When a kernel panic happens, if WiFi FW is still active,
it may cause NOC errors/memory corruption. To avoid
this, inject a fw crash first.
Propagated from qcacld-2.0
Change-Id: I97a696a02dfd73aaca212ef1bca9f3597df1e382
CRs-Fixed: 2052332
Requirement to detect if a PLD OP has stuck for a long time.
Define a timer for 30 seconds and let it run during pld ops
probe, reinit, remove and shutdown. Upon expiry print important
debug information then either trigger recovery or BUG ON.
Change-Id: I6c132cb71917cec7dead9c6c91ce6778e20bffe7
CRs-Fixed: 2090785
In certain restart sequence of the modem, wlan driver is forcefully
removed and re-probed during the firmware ready. Supplicant receives
the RTM_DELLINK/RTM_NEWLINK events as part of unregistration of netdev
from remove and registration of the netdev again as part of re-probe.
As soon as the RTM_NEWLINK indication is received by the supplicant
it tries to bring up the interface, the request for bringing up
the interface is rejected by the driver since it is still in the
re-probing phase resulting in the scan failure and other failures.
To mitigate the issue, synchronize the interface up with the loading/unloading
of the driver.
Change-Id: Ie467e729a4736a0ee580c4df8d75099cf070d7bf
CRs-Fixed: 2058390
In function csr_get_dot11_mode, CSR_GET_SESSION may return NULL if
session_id is an invalid value; check it before using this pointer.
Change-Id: I7c29ca455add9f0a8b19a6ca98e1f2bb319a1c9d
CRs-Fixed: 2071449
During probe if htc_wait_target fails with any error status, driver will
BUG_ON except when the FW_DOWN bit is set. This is to let probe fail
gracefully in case of recoverable errors and BUG_ON for fatal errors.
So driver will BUG_ON for NOMEM errors as well, even though recovery is
possible in this case with a driver load retry.
Do not BUG_ON in case the error status is NOMEM or FW_DOWN is set.
Change-Id: I0e7cbd4db8263765f0d97709ec30de6aefb6fae5
CRs-Fixed: 2102844
Packet filter params is supported only for Station mode presently,
configuring the filter for other modes results in failure in fw.
To mitigate the issue reject the packet filter for other modes than
Station mode.
CRs-Fixed: 2029356
Change-Id: Ic2c1786dcf8d8980a104af2ee6916489dd2ec423
Applications in the userspace can sleep on the RTM events from
the driver. One such application waiting on the RTM_NEW_LINK indication
does interface up as soon as it receives the indication, so the
kernel takes rtnl_lock to call the dev_open on the interface.
Load/unload of the driver and dev_open of the interfaces are
synchronized with hdd_init_deinit_lock. So the __hdd_open is waiting
on the hdd_init_deinit_lock which is currently held by the driver
loading context. After registering the interfaces driver goes to
register the netdev notifier which is blocked on the rtnl_lock
currently held by the dev_open resulting in deadlock.
To mitigate the issue register the netdev notifier before the
interfaces are registered.
Change-Id: Ibb0c187a43ad87fa535ff583316af430e1ddf04f
CRs-Fixed: 2078720
In the Loadonce unload never driver the modules_start and modules_stop
happen multiple times and presently the memory for target_name is
allocated multiple times during the start_modules but freed only
once during the module_exit, so when the driver is unloaded
this can result in a crash.
Moving this to stop_modules will help in freeing this every time.
Change-Id: I87a92c8b411fb0ae148a293d74e6914246b88014
CRs-Fixed: 2107392
In certain cases during the SSR/PDR after shutdown the interface
up of the driver can be invoked before complete recovery is completed.
This can lead to accessing the bus which is not clocked or other issues.
Block the interface up from the upper layer until the recovery is completed.
CRs-Fixed: 2096446
Change-Id: I6b6569a10520d58e005e56046288ccc10592f725
Roam sync indication checks for csr roam state to determine if user
disconnect is not in progress. But there can be a race condition
where the csr roam state is not updated by disconnect while
roam sync checks the state and proceeds.
To fix this set the disconnect in progress flag in sme session
as soon as disconnect starts in HDD and use that to determine if user
disconnect is not in progress when roam sync is received.
Change-Id: Icf541b698eb194621d19b03f281ec3dfd552e373
CRs-Fixed: 2112912
Some vendor APs are not able to handle the SMPS frames causing the
APs to crash.
Add new vendor AP OUIs, compare the vendor AP OUIs with AP capabilities
and if there is a match and also check if the AP is 4x4 11ac then
associate in 1x1 to that AP.
Change-Id: I91b56d67a2d20b9e6eae8e7b6e14db4d2905ec29
CRs-Fixed: 2094490
Add support for handling vendor sub command
QCA_NL80211_VENDOR_SUBCMD_ACTIVE_TOS and parsing its attributes.
CRs-Fixed: 2069865
Change-Id: I38f761f20007a04063b0e0680793aedcabd02c6a
Set the limit off-channel command parameters and conc_system_pref
according to active tos indication from application.
CRs-Fixed: 2066088
Change-Id: I896999adb59aa468daf33364c708d95ef3062018
Driver is updating WMI_CHAN_FLAG_PASSIVE flag for DFS channels
while sending 'WMI_SCAN_CHAN_LIST_CMDID' command to firmware.
Driver should also update the WMI_CHAN_FLAG_DFS flag for
DFS channels. Otherwise functionality like skipping DFS channels
as part of scan request may not work.
CRs-Fixed: 2103636
Change-Id: Ia146eaad93deab778d5ce7a8647f5c0ba7068ead
At IPA UC detach, after freeing the IPA TX resource TX comp
ring and TX CE index pointers, reset them to NULL.
Change-Id: If6a1b2857d14f5fff2f47e541156ce2c27fb33a3
CRs-Fixed: 2111959
Currently during PDR after client disassociation, the IPA client
disconnect event is not sent because of the recovery in progress
condition. After reload IPA pipes are not enabled as IPA context
number of connected stations are non zero which leads to data stall
of backhaul traffic. In this change remove recovery in progress check
which is not necessary in this case.
Change-Id: Id465f78fc224e2c08fb3977266e7032666a22692
CRs-Fixed: 2105106
Currently there is a race condition during enable of IPA WDI pipes
after IPA_RM_RESOURCE_GRANTED notification from IPA RM and at the
same time client disconnect happens. Because of this race condition
subsequent enable IPA pipes at the time of client connection IPA
driver returns error as the pipes are not disabled before. In this
change after requesting IPA resource check for IPA pipes state and
if pipes are not enabled then enable the pipes.
Change-Id: Idd0d4089efa5b81d5301a278fb0dd836db0ecb48
CRs-Fixed: 2082118
IPA's exception path buffer is not freed if adapter is invalid.
Free exception path buffer if adapter is invalid.
Change-Id: Iacaea4d96a6233764da3cf4b302d7ed9affe6d95
CRs-Fixed: 2092131
IPA SKBs stuck in the exception path being flushed after the
adapter is deleted can lead to a null pointer dereference of the
adapter, as IPA SKBs have a reference to this adapter in
their CB struct.
Flush ipa_pm work during the stop adapter and ensure the queue
is emptied and no outstanding buffer from IPA exception path.
CRs-Fixed: 2092131
Change-Id: I24f0c166cee1b5e0fed1c0c49a53c1a2117c900c
Recovery is triggered if rx hash table look up fails due to invalid
physical address. Since netbuf is not found in this case, a null
netbuf is de-referenced after recovery is completed, and this leads
to a null pointer exception.
Exit gracefully if netbuf pop fails from rx hash table.
Change-Id: I66b3d1cf9aa05da235212923a551e58d86153e55
CRs-Fixed: 2094521
When system is under low memory condition and skb allocation fails,
RX ring msdu is not attached in ring replenish logic and Ring refill retry
timer refills the ring debt at the interval of 50 ms.
If refill retry fails to allocate the memory, refill debt is not updated and
this is resulting in retry logic failure.
Update refill debt when retry allocation fails to allocate
rx ring msdu.
Change-Id: I4d2230e4984e26b44db663e7e7f20c73ae90b0f0
Country codes IQ and GI are not recognized by driver.
Add driver support to recognize country code IQ and GI.
Change-Id: I76997d4426718a57fee23c9774153f1adc597c44
CRs-Fixed: 2104094
Do memzero of htt_frag_desc inside HELIUMPLUS flag as
htt_frag_desc is defined only for HELIUMPLUS.
Change-Id: Ie738881c5330956b24376f145f03dd977bf88f7b
CRs-Fixed: 2096935
Presently, htt_frag_desc is not getting zeroed out explicitly.
So fw can take the invalid/garbage data in the frag information
and treat it as a valid address which may lead to crash.
Memzero htt_frag_desc before use.
Change-Id: I9dadcb883a65c43f96e810a12b4fb491c3a2e734
CRs-Fixed: 2088448
When no channel is selected from ACS and fallback channel
is invalid, a default channel is selected but the channel
width remains invalid due to which ASSERT is happening.
Whenever default channel is selected, select default channel
width of 20 MHz as well.
Change-Id: I885e01d1324484b84e04675238d2e1f8cd10e30c
CRS-Fixed: 2112806
Add logic to mark first wakeup packet even if offload bit is not set in
the htt rx indication message sent by fw.
Change-Id: Ide50dcfcf88ecd0c71b32b0e746742dc49d08567
CRs-Fixed: 2110627
Add ini items for current and candidate rssi thresholds used in
mbo bss transition context.
Change-Id: I834c87aaaf776cdc293718fb994b4aae38af6a8b
CRs-Fixed: 2007107