Fix array out-of-bounds access while populating the BSS rate set.
The issue was seen while populating the basic supported rate
and extended rate sets.
CRs-Fixed: 2081423
Change-Id: I8626399b7f9a04dc368daa582b6a09500a7ea015
propagation from qcacld-2.0 to qcacld-3.0.
While processing setpno ioctl, input arguments are not validated
and also while parsing arguments, there is a possibility of Host
accessing memory beyond memory allocated as there is no check
whether is Host is accessing valid memory or not.
Validate input arguments and make sure Host won't access invalid
memory, while processing setpno ioctl.
Change-Id: Ica9ea56283d55282cff3ccd349e4bc1c08b80e70
CRs-Fixed: 1097868
Rx hash deinit sets hash_table to NULL, at the same time
there can be active tasklet context accessing the rx hash list.
Prevent rx hashlist access after rx hash deinit and set the netbuf
to NULL once netbuff is popped out of the list.
Change-Id: I4e30dd69ece33c3cc768842274d5307c0bf29a37
CRs-Fixed: 2049121
sap_restart_on_ch_avoid ini parameter holds good for both SAP and GO.
So to make it generic, rename to ignore_restart_on_chan_avoid_event.
Change-Id: Ic68014a71b36e00c268da50528bf5e14fd87d007
CRs-Fixed: 2027436
Driver is disabling the tdls for 5s from the last p2p-listen request
received. This is leading to tdls connection failure even after p2p
find has been stopped.
So reducing the min and default timer values 500ms and 2s respectively.
CRs-Fixed: 2078933
Change-Id: Id1ab3945d029de8154aede403b354aec99f4cd79
The function is not present as inline in the non debug build, which will
cause a compilation error.
Fix issue by having an empty inline function in the header file.
Some counters need to be defined outside of DEBUG_RX_RING_BUFFER.
Change-Id: I755616aa55c2f38bca017137e91cc469de7fbdcf
CRs-Fixed: 2004927
Make sure sta is not null before dereferencing in
lim_send_assoc_rsp_mgmt_frame function.
Change-Id: Ifb7c4a3b1e02297906bfa1b7908c27929682cf28
CRs-Fixed: 2030304
qcacld-2.0 to qcacld-3.0 propagation
Add eCSA capability record of STAs which associated to SAP.
Change-Id: I1d7892bb1dc4e490a587e8372a4bdc7f419e8b36
CRs-Fixed: 1094958
Presently during the mac open the globalmac context is memset to
zero and the based on the driver_type pe sessions will be created.
During the switch from the FTM to mission mode, pe checks the
driver mode from the mac context and tries to access the invalid
lim sessions which are not created for FTM mode.
To mitigate the issue set the driver_type in the mac context during
mac_open
CRs-Fixed: 2017035
Change-Id: Iddefd2f74afb71197c3830a51f107d86736745f1
Current driver is assigning listening interval based on beacon interval
value which is incorrect.
Listen interval should be taken based on INI value.
CRs-Fixed: 2080042
Change-Id: I0ad52a8042589604d51fc632fe3ce31547a26628
Due to multiple beacon miss issues observed in firmware,
Host is changing final bmiss count to 20 from 10.
Hence firmware can receive beacon in noisy environment.
Change-Id: I87e4a6eaec016f36ca22a057e0d9812c0b8696ff
CRs-Fixed: 2082088
In the existing impementation, once wma_is_pkt_drop_candidate gets a
peer from ol_txrx_find_peer_by_addr, the peer can be deleted in the
SOFTIRQ path from the unmap handler. This would make the peer pointer
'stale' resulting in access to already freed memory.
- Use standard API OL_TXRX_PEER_UNREF_DELETE to decrement peer->ref_cnt
instead of directly referencing it.
- Add a new API - ol_txrx_find_peer_by_addr_inc_ref which does not
decrement the peer->ref_cnt until the usage of peer in the caller
function is finished. The existing API ol_txrx_find_peer_by_addr
can be replaced by the new API as and when the issues are seen.
Sample usage:
{
peer = ol_txrx_find_peer_by_addr_inc_ref
/* This API gets the peer and increments its ref_cnt */
...
...
/* Once peer usage is done */
OL_TXRX_PEER_UNREF_DELETE(peer);
/*
* This API deletes the reference to the peer or the peer itself
* if the peer->ref_cnt is 0. This way we no longer depend on
* peer unmaps to delete the peer.
*/
}
Change-Id: I69fb67a4b4c9e26344d2ed1a72c383be7ac62414
CRs-Fixed: 2008583
Information in struct ch_params_s are the same for 11g and
11n ht20, so phymode is still needed to distinguish them.
Change-Id: I5ddfc011b4fd3b11c975f8b2df3a270e8141e622
CRs-Fixed: 2073580
Fix device name in the log. Current log is,
"hdd_open_adapter: xxxx: wlan%d interface created. iftype: 0."
Expected log is,
"hdd_open_adapter: xxxx: wlan0 interface created. iftype: 0."
CRS-Fixed: 2078530
Change-Id: Ida38e1e2f26d0a86382550409317ec36bd68f071
Currently both min and max rest time use the same ini param
gNeighborScanTimerPeriod.
Add a new ini param gRoamRestTimeMin for min rest time
during channel scan.
Change-Id: Ifbb0fcc736e81b292639c6f2ad3119b451bec4f2
CRs-Fixed: 2060095
If channel switch is in progress and if the HT IE received in
beacon has the BW change then do not send the bandwidth update
request to FW. After the channel switch response is received and
beacon has different BW bandwidth a new BW update request will
be sent to FW.
Change-Id: Id41bd0523f821d2b81e132318230492fda79f32a
CRs-Fixed: 2068906
Add a flag to wma_find_vdev_req api to remove the wma request
message with conditional check.
Change-Id: Ia1166659e593312a2ebf34df5eba02fb23fc335a
CRs-Fixed: 2077738
Disable SGI in 160MHz mode if short GI for 40MHz is disabled in
the INI connfiguration
Change-Id: I6a0c7c7734d4c926dc29103207afb45a3eb1da94
CRs-Fixed: 2073269
