Validate the CSR session before accessing it as the session can be
NULL for invalid session id.
Change-Id: I090d75a44bb9e78cbf7f10ac08ccad9f664e6e06
CRs-Fixed: 2462598
Currently in case of CSA announcement with channel switch mode 1,
host wraps "switch wrapper IEs" of the current operating channel
for target channel. This is not expected. Driver should send
fills information about target channel in the channel switch
wrapper IEs.
Fix is to fill IE in host and ignore the IE from hostapd.
Change-Id: Ie2447fa7affdf8211a46877e0d8b0e41796f0cc3
CRs-Fixed: 2444679
In the memory allocated for del_sta_params, set_link_params and
del_bss_params is not freed if the malloc for add_sta_params
fails. This causes memory leak in wma_roam_update_vdev.
Also in wma_extscan_operations_event_handler, oprn_ind is not
freed in case of failure.
Free the memory allocated for del_sta_params, set_link_params,
del_bss_params, oprn_ind during every return.
Change-Id: I727cc734943a2abcc2cfeca3285af13eb68cfe44
CRs-Fixed: 2464098
Currently in these APIs, driver has a potential mem leak if
the code deviates from the success path:-
1. sme_ap_disable_intra_bss_fwd, param pSapDisableIntraFwd
was not freed in case of mutex acquire gets fail.
2. sme_set_wisa_params, param cds_msg_wisa_params was not freed
in case of mutex cquire fail, and in case of msg failed to
post to scheduler.
3. sme_update_sta_inactivity_timeout, param inactivity_time was
not freed in any case, and has to be freed after use.
4. wma_del_tdls_sta, param peerStateParams needs to be freed
in every failure case, in which the driver sends a del rsp in
error case.
Change-Id: Ibb6061dc399c0f408e7469e91d8084c82786a561
CRs-Fixed: 2466435
Free Dynamic allocated memory in following scenarios:
1. In __lim_ext_scan_forward_bcn_probe_rsp()
Free dynamic allocated memory for result in failure case
2. In sme_oem_data_req()
Free dynamic allocated memory for oem_data_req in failure case.
3. In sme_notify_ht2040_mode()
Free dynamic allocated memory for pHtOpMode in default case.
4. In sme_send_rate_update_ind()
Free dynamic allocated memory for rate_upd if mutex acquire
fails.
5. In sme_txpower_limit()
Free dynamic allocated memory tx_power_limit rate_upd if mutex
acquire fails.
Change-Id: I5deccb5ac10f69ad00ea860f43c821ee7e90c71e
CRs-Fixed: 2465786
In function wlan_cfg80211_tdls_add_peer, osif_tdls
is allocated only for STA and P2P CLI vdevs. So if tdls connection is in
progress on p2p_client vdev and at the same time if the driver gets the
change iface for p2p client to p2p device, p2p device vdev is created
with the same mac address replacing the p2p client vdev.
Now if supplicant issues add_station command after change_iface
on p2p interface, it tries to access osif_tdls pointer which is not
allocated for p2p device vdev. This can lead to NULL pointer access
of osif_tdls.
Add check for NULL pointer before accessing osif_tdls pointer
for adding station command.
Change-Id: I2cd63d4d758af360987e1563022918548d113d76
CRs-Fixed: 2464766
When MAC address is changed dynamically and dump station
command is invoked driver is not giving the updated MAC
address as the output of the command.
To address this issue give the correct MAC address from
net device.
Change-Id: I4effb1fe4d52f35c0df7beb7884e7943215d73f8
CRs-fixed: 2463418
NAN is not supported on ROME platform, Disable
CONFIG_QCACLD_FEATURE_NAN in qca6174_defconfig.
Change-Id: I579e26c351bc95e7739a0853f4bfb467aafabbda
CRs-Fixed: 2446747
As a SAP, there are two paths to deauthenticate peer STA as:
1. Deauth issued from south bound interface (peer sending deauth etc)
2. Used issued deauth from upper layer (via hostapd_cli)
We have a race condition when deauth comes for the same peer from both
the ways resulting into process one after another.
This is happening since no check is being done at north bound interface
before issuing deauth request to SME.
Adding a check validate if deauth already in-progress for the mentioned
peer before issuing deauth req.
Change-Id: I2050cf5558dbdf6d656694c39e9f1e461e17bf01
CRs-Fixed: 2459967
Failed to set the RRM scan dwelltime below 40ms.
Modified RRM scan request API to accept active dwelltime
below 40ms and 110ms for passive scan.
Change-Id: I0a1030c6c719950c08db0bc164623556b187fe9d
CRs-Fixed: 2454281
Clear the userspace blacklist info when a new
command for set blacklist BSSID comes to the driver
even if the userspace sends zero BSSIDs.
Change-Id: Ic2e310359d8e83c0821a0c4c8fedd90e81998627
CRs-Fixed: 2464948
Add qtime & host_time in __hdd_wlan_tsf_show, so that "cat tsf" will
print out qtime and host_time at the instant.
Change-Id: I4da440f92b7415440f9064a49777c3c3680ac1b1
CRs-Fixed: 2461503
Fill the reject ap type as the one requested by the user
in the reject ap list.
Change-Id: Ie26180293e4b0c5c212ebcd31a15fd93f9150f8e
CRs-Fixed: 2464748
The MCL qcmbr ioctl process has duplicated copy_from/to_user actions,
to make sure MCL and WIN qcmbr command processing converge, remove
the redundant copy_from/to_user in wlan_hdd_ftm.c.
This change also fixs FTM test fail issue.
Change-Id: Ie740c3dd1774f5a2bf8f928814d58fb310a7a76d
CRs-Fixed: 2436024
Add NULL validaiton check for WMA global context
to avoid possible NULL pointer dereference.
Change-Id: I1cf0bcf574d397eb712ca0e1c39dcf848b9c5328
CRs-Fixed: 2423998
In function mlme_init_vht_cap_cfg(), initialization of
CFG_VHT_SU_BEAMFORMEE_CAP is done using the cfg_default() api,
which always returns the default value irrespective of the
ini configured.
Use cfg_get() api to get the default value of ini items.
cfg_get() api use gTxBFEnable ini for SU beamforce caps
Change-Id: I17062548931b5032dfdd56652ddaef2b96c8864e
CRs-Fixed: 2462350
In LFR2 scenario, STA roams to IOT AP with which max nss
capability is advertised because ini configured vendor OUI
and data for max nss is found in AP's beacons or probe
responses. On receiving association response with reduced
nss, nss is not updated as part of add_sta. This is resulting
in incorrect nss to be sent in peer_assoc command.
Fix is to update MCS set so that appropriate nss is sent in
peer_assoc command.
Change-Id: Id137a09f24063c8260c21eda6cd74cbb571b9129
CRs-Fixed: 2464318
It won't send mgmt frame with NULL channel information currently,
which is different to other branches. Add this change because up layer
pass NULL channel information when tx mgmt frame in some platform.
Change-Id: I689d64789187fe0df03ed57ef0ff10c5157aeeb6
CRs-Fixed: 2459485
In some cases i.e. after successful roaming, NUD FAILURE is
triggered due to no ARP REQ packets are sent out by netdev.
Currently, we do not have any information to verify if ARP
packets are not sent because netdev queues are paused or not.
Retrieve the netdev queues status in case of NUD FAILURE to
verify if TX is stopped due to paused queue.
Change-Id: I324afdc349cf6b028471a21ed89bc702f99e5f99
CRs-Fixed: 2441513
Currently with the support of Blacklist manager
component, all the blacklist, avoid list, RSSI-REJECT
list is maintained by the BLM, hence the filter logic
of the blacklist APs in the scan component is not
required.
Cleanup the blacklist BSSID APIs, and related functionality.
Change-Id: I4c8283d2c5e4ca66c24a25d31a74026510bb452c
CRs-Fixed: 2464188
CFG_VALID_CHANNEL_LIST_STRING_LEN as array size passed to
qdf_uint8_array_parse, which is more big than array size. So pass the
actual size - CFG_VALID_CHANNEL_LIST_LEN to that function.
Change-Id: I7596c0887147523570450dbac4dba2d03e7fe8b6
CRs-Fixed: 2462613
Wait for LFR 2.0 based Roaming sequence to complete before
processing disconnect command from cfg80211.
Change-Id: Ib596aa56ccc322f5ba87b46685bbc299793c9d5b
CRs-Fixed: 2464112
As part of start_ap or connect_start to teardown active tdls peers
hdd_notify_teardown_tdls_links is called with argument vdev. But
TDLS might not be enabled on that vdev. With recent changes,
osif_priv object is initialized as part of tdls_vdev_init.
For the new interface if TDLS is not initialized then osif_priv
object will not be found and TDLS peers are not removed.
Change-Id: Idcf690bba2766664700a4851d390ee620f2fe73a
CRs-Fixed: 2460108
Currently the driver does not populate the score config
param for 5ghz connection, hence the nss for STA in 5ghz
connection becomes zero by default, and thus results in
a lower score for that BSSID, which should not be the
case.
Fix is to populate the vdev nss 5ghz for STA score config,
which would result in correct nss param.
Change-Id: I5276446caeaf9e68e2e422c403cfd05e68b58545
CRs-Fixed: 2463288
Add support for roaming in case the driver
detects a nud failure. The STA then would roam
to another BSSID, else if the roaming gets failed
the STA would remain connected to the same BSSID
as connected before.
Change-Id: Idbc99b0ce2f9cacd97564dd8cf9892120958eda2
CRs-Fixed: 2461675
Link BLM exposed APIs to the following:-
1. csr_get_scan_result:- Link this API with filter bssids in
the reject ap list maintained by the blacklist mgr.
2. lim_assoc_rej_add_to_rssi_based_reject_list:- Link this API
with the the blacklist mgr add bssid to reject list to add the
OCE and BTM related assoc rejects.
3. Userspace avoid list parsing logic for the userspace to set
the BSSID as avoided.
Change-Id: Id51ffb80cea3f845fefe14db25d0f7acda6ea0f3
CRs-Fixed: 2461281
In sme_handle_bcn_recv_start, 'mac_ctx->roam.roamSession' is not
validated for null before being passed to CSR_IS_SESSION_VALID where
dereference can occur.
Validate mac_ctx->roam.roamSession against null before passing it to
CSR_IS_SESSION_VALID.
Change-Id: I48638a320f29a906a6e8a35c000191265313b734
CRs-Fixed: 2462682
